g3oflo

Hacking with Google Code Search

Posted

http://www.google.com/codesearch?q=lang%3Aphp+%28ECHO|PRINT%29+.*\%24_%28GET|POST|COOKIE|REQUEST|FILES%29&hl=en&btnG=Search+Code

Wicked... databases galore :)

[LE]

I only found one that actually works, though... I got bored of searching

this one:

thoov.db.5225882.hostedresource.com

user: thoov

pass: Gotbullets7!

You could write a script that tests port 3306 and, for the ones where it is open, connect with phpMyAdmin

Dunno.. I'm not patient by nature, to hell with them.

Posted

That search query looks like a regular expression to me.

I'm not sure, but I think that dork looks for XSS.

If someone finds a reasonably effective Google Code Search dork for possible SQLi, all my respect :D

Posted
Yeah, I wouldn't have thought of something like that.

Something trivial:

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\%24_GET&sbtn=Search

Can you make a query along the lines of: it is inside the mysql_query function and you check the string for '.$_GET or ".$_GET? Maybe optional spaces between " and . and between . and "/'. That way you're sure they are returned straight from GET, without escaping...

Posted (edited)

Something like this?

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+^mysql_query.*\.\%24_GET\.*&sbtn=Search

Better like this, so the line doesn't have to start with mysql_query:

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.\%24_GET\.*&sbtn=Search

And with spaces, maybe something of the form:

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.[[%3Aspace%3A]]*\%24_GET[[%3Aspace%3A]]*\.*&sbtn=Search

If we also add POST and COOKIE:

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.[[%3Aspace%3A]]*\%24_%28GET|POST|COOKIE%29[[%3Aspace%3A]]*\.*&sbtn=Search

For $_GET inside quotes, but it gives many other results:

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query\%28\%22.*\%24_GET.*\%22\%29&sbtn=Search

Simple LFI or RFI:

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+%28include|require%29.*\%24_GET.*&sbtn=Search

RCE:

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+%28eval|exec|system|passthru|shell_exec%29\%28.*\%24_GET.*\%29&sbtn=Search

MySQL connection, with small filters:

http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_connect\%28\%22[^%28127\.0\.0\.1%29%28localhost%29%28\%24%29].*&sbtn=Search

Come up with ideas of your own too...

Edited by Nytro
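
The same patterns can be run over a PHP code base you maintain, to find these sinks before anyone else does. The following is an added example, not code from the thread's posters: the rule names, the per-rule wrapper lists and the sample PHP are constructed assumptions, and the mysql_connect rule uses a negative lookahead for localhost/127.0.0.1 instead of the bracket expression in the last URL.

```python
import re

SRC = r"\$_(?:GET|POST|COOKIE|REQUEST|FILES)"  # request-controlled superglobals

# (rule name, sink pattern, wrappers assumed to neutralise input for that sink)
RULES = [
    ("xss-echo", r"\b(?:echo|print)\b.*" + SRC, "htmlspecialchars|htmlentities|intval"),
    ("sqli-concat", r"\bmysql_query\b.*\.\s*" + SRC, "mysql_real_escape_string|intval"),
    ("sqli-interpolated", r'\bmysql_query\s*\(\s*".*' + SRC + r'.*"', None),
    ("file-include", r"\b(?:include|require)(?:_once)?\b.*" + SRC, None),
    ("command-exec", r"\b(?:eval|exec|system|passthru|shell_exec)\s*\(.*" + SRC, None),
    ("remote-db-host", r"""\bmysql_connect\s*\(\s*["'](?!localhost|127\.0\.0\.1)[^"'$]""", None),
]

def audit(source):
    """Return (line_number, rule) findings for one PHP source string."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, sink, wrappers in RULES:
            text = line
            if wrappers:
                # Heuristic: blank out input passed directly through a wrapper,
                # so echo htmlspecialchars($_GET['x']) is not reported.
                wrapped = r"(?:%s)\s*\(\s*%s\[[^\]]*\]\s*\)" % (wrappers, SRC)
                text = re.sub(wrapped, "SAFE", text, flags=re.I)
            if re.search(sink, text, re.I):
                findings.append((lineno, name))
    return findings

# Constructed sample file; every name and value in it is made up.
SAMPLE = r'''<?php
echo "Hello " . $_GET['name'];
echo "Hello " . htmlspecialchars($_GET['name']);
mysql_query("SELECT * FROM users WHERE id=" . $_GET['id']);
mysql_query("SELECT * FROM users WHERE id=" . intval($_GET['id']));
mysql_query("SELECT * FROM t WHERE n='$_POST[n]'");
include("pages/" . $_GET['page'] . ".php");
system("ping " . $_REQUEST['host']);
mysql_connect("db.example.internal", "app", "CHANGEME");
mysql_connect("localhost", $user, $pass);
'''

if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE):
        print("line %d: %s" % (lineno, rule))
```

Like the search queries, this is line-based pattern matching: it misses input that is first copied into a variable, and each hit still needs review. The lasting fix for the SQL findings is parameterised queries (PDO or mysqli prepared statements) rather than string concatenation.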
