Fitty Posted July 26, 2009 Report Posted July 26, 2009 (edited) asdasdasdas Edited April 20, 2012 by Fitty Quote
CyberWolf08 Posted July 26, 2009 Report Posted July 26, 2009 (edited) Incearca sa pui si un buton de pause/stop pentru ca are obiceiul sa se blocheze la anumite verificari si nu merge decat sa inchizi. Spre exemplu http://www.romanianwriters.ro/book.php?id=-1In rest e foarte tare Edited July 26, 2009 by CyberWolf08 Quote
Fitty Posted July 26, 2009 Author Report Posted July 26, 2009 (edited) Faza e ca nu i-am bagat convert...http://www.romanianwriters.ro/book.php?id=45%20union%20all%20select%201,2,schema_name%20from%20information_schema.schemata%20limit%200,1--ii bag acum LE : I have bagated convert functionen. Link updated Edited July 26, 2009 by Fitty Quote
Fitty Posted July 26, 2009 Author Report Posted July 26, 2009 (edited) Mersi daemien ps: mersi CyberWolf pt sugestie! Edited July 27, 2009 by Fitty Quote
Fitty Posted July 31, 2009 Author Report Posted July 31, 2009 Hai ca nu am avut ce face azi si am imbunatatit MySQL Exploiter-ul. Am adaugat niste chestii, vedeti voi.DOWNLOAD LINK : http://www.sharemobile.ro/download.php?id=373840Dedicatie pt blacksie )) Quote
SirGod Posted July 31, 2009 Report Posted July 31, 2009 LFI exploiter sau load_file?Anyway,bravo. Quote
Fitty Posted July 31, 2009 Author Report Posted July 31, 2009 @SirGod: load_file, LFI via SQLimersi @ 007m, SirGod Quote
SirGod Posted July 31, 2009 Report Posted July 31, 2009 load_file != LFI ,load_file iti arata continutul fisierului,LFI il include,si in orice caz,LFI prin SQLI nu se poate,si nici prin altceva,e pur si simplu LFI. Quote
Fitty Posted July 31, 2009 Author Report Posted July 31, 2009 ei, atunci le confund eu. dar totusi, include continutul unui fisier in pagina tot lfi e bro, oricum i-ai zice Quote
SirGod Posted July 31, 2009 Report Posted July 31, 2009 Nu INCLUDE.Nu e tot aia.Doar afiseaza.Uite un exemplu ca sa faci diferenta : <?$variabila=$_GET['variabila'];$variabila2=$_GET['variabila2'];include "$variabila";file_get_contents "$variabila2";?>Se intampla acelasi lucru?Daca avem :index.php?variabila=../shell.txtVa include continutul,si vei avea shell.Daca avem index.php?variabila2=../shell.txtIti va arata continutul txt-ului,nu va executa php.Eh,load_file() e asemanator cu file_get_contents() nu cu include(). Quote
Fitty Posted August 1, 2009 Author Report Posted August 1, 2009 (edited) da, m-am prins, era vorba de functia include() a PHP-ului. Totusi, e o regula ca acest cuvant, inclusion (include) sa se refere strict la functia include() ? Eu nu cred.Despre "eroare": Am number of columns 100. wtf??Dar cum sa gaseasca numarul coloanelor cand el nu da eroare la order by <nr mare> ??http://www.liebermangallery.com/art.php?id=925%20order%20by%20119992--Esti sigur ca site-ul este vulnerabil? Daca da eroare la adaugarea apostrofului si nu merge sa introduci comenzi, degeaba... Edited August 1, 2009 by Fitty Quote
SirGod Posted August 1, 2009 Report Posted August 1, 2009 da, m-am prins, era vorba de functia include() a PHP-ului. Totusi, e o regula ca acest cuvant, inclusion (include) sa se refere strict la functia include() ? Eu nu cred.Nu strict la include().Ci la :include()include_once()require()require_once()Restu doar citesc continutul,nu il includ => ca nu il poti utiliza,daca incluzi un fisier care are cod php in el va "executa" codul php,dar daca CITESTI(file_get_contents,etc) NU IL VA EXECUTA,doar va arata continutul fisierului. Quote
Oust Posted August 1, 2009 Report Posted August 1, 2009 deci mie imi da eroarea de mai sus... la orice site chiar daca este vulnerabil , si nu mai uploada pe share mobile ca nu merge , doar cu proxy . Quote
Fitty Posted August 1, 2009 Author Report Posted August 1, 2009 @Oust: taci ma. te-ai uitat prin sursa inainte sa faci afirmatiile astea prostesti?@SirGod: da, stiu ca nu are cum sa il execute (codul). eu ma refeream sa includa continutul vreunui fisier (apache logs, /etc/passwd/, mai stiu eu ce..) Quote
SirGod Posted August 1, 2009 Report Posted August 1, 2009 @Oust: taci ma. te-ai uitat prin sursa inainte sa faci afirmatiile astea prostesti?@SirGod: da, stiu ca nu are cum sa il execute (codul). eu ma refeream sa includa continutul vreunui fisier (apache logs, /etc/passwd/, mai stiu eu ce..)Da,arata continutul din apache logs dar nu il executa,deci nu poti obtine remote command execution. Quote
Oust Posted August 1, 2009 Report Posted August 1, 2009 deci vorbesc serios ... nu merge , are cineva unu mai bun ... Quote
Oust Posted August 1, 2009 Report Posted August 1, 2009 (edited) bai fity gg imi merge primu ... 1.0.1 nu 1.1 1.0.1 E BUN !!! Fitty RulzzE bun si ultimu da merge numai la anumite situri uite .. http://www.rocknrollhighschool.nl/index.php?id=63&id_page=17&id_band=29+and+1=2+uNiON+aLl+sElEcT+1,2,3,4,5,6-- Edited August 1, 2009 by Oust Quote
Guest vini4p Posted August 1, 2009 Report Posted August 1, 2009 Un proxy incorporat pe viitor oricum congratz ! Quote
begood Posted August 1, 2009 Report Posted August 1, 2009 Un proxy incorporat pe viitor oricum congratz !+1. ( in case not, use freecap ) Quote