yoyois Posted June 29, 2012 Report Posted June 29, 2012 http://mytest-php.web44.net/Urmati instructiunile ... nu stiu ce sa ii mai adaug. Sper ca ma puteti ajuta voi cu niste sugestii. As vrea sa rafinez si povestea.Astept parerea voastra! Quote
cLw7hp Posted June 29, 2012 Report Posted June 29, 2012 Parametru: userTip SQLi: POSTData:'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'Parametru: userTip vuln: XSS POSTPost data:'"--></style></script><script>alert(0x0002A1)</script> Quote
yoyois Posted June 29, 2012 Author Report Posted June 29, 2012 (edited) Doar treci de sistemul de logare Edit: vulnerabilitatea Sql trebuie sa existe.Am scos XsS! Treceti de pagina principala de login veti fi redirectionati.Revizuit ... nimeni ? Edited June 29, 2012 by yoyois Quote
yoyois Posted July 2, 2012 Author Report Posted July 2, 2012 (edited) Postati dovada ca ati ajuns cat mai departe.Astept pareri/ajutor mai am cateva idei! Edited July 2, 2012 by yoyois Quote
yoyois Posted July 2, 2012 Author Report Posted July 2, 2012 DAM it! Pune ceva la email si apasa LOGIN! te redirectioneaza pe o alta pagina ... si tot asa ... Quote
yoyois Posted July 2, 2012 Author Report Posted July 2, 2012 pinguinulturbat: UITE-TE ATENT LA profX.jpg poate e scris in notepad ... Quote
pinguinulturbat Posted July 2, 2012 Report Posted July 2, 2012 pinguinulturbat: UITE-TE ATENT LA profX.jpg poate e scris in notepad ...SELECT * FROM example WHERE user='profX' and pass='5baXXXXXXXXXXXXb7ee68fd8' game will continue! Quote
