Web Analytics Made Easy - StatCounter
FoulsCode

Εμφάνιση αναρτήσεων με ετικέτα SQL. Εμφάνιση όλων των αναρτήσεων
Εμφάνιση αναρτήσεων με ετικέτα SQL. Εμφάνιση όλων των αναρτήσεων

22 Ιουνίου 2017

SQL Injection Filter Bypassing v0.4


Note: This application does not require any database.

Code:

<!DOCTYPE html>
<html>
<head>
<title>SQL Injection Filter Bypassing v0.4</title>
<style>
hr {margin:24px 0;}
</style>
</head>
<body>
<h1>SQL Injection Filter Bypassing v0.4</h1>
<?php
$filter = array(
'syntax' => array(
'union' => array('caption' => 'UNION','filter' => 'union'),
'select' => array('caption' => 'SELECT','filter' => 'select'),
'from' => array('caption' => 'FROM','filter' => 'from'),
'where' => array('caption' => 'WHERE','filter' => 'where'),
'limit' => array('caption' => 'LIMIT','filter' => 'limit'),
'wait_for' => array('caption' => 'WAIT FOR','filter' => 'wait for'),
'group_by' => array('caption' => 'GROUP BY','filter' => 'group by'),
'order_by' => array('caption' => 'ORDER BY','filter' => 'order by'),
'into' => array('caption' => 'INTO', 'filter' => 'into'),
'file' => array('caption' => 'FILE', 'filter' => 'file'),
'outfile' => array('caption' => 'OUTFILE', 'filter' => 'outfile'),
'infile' => array('caption' => 'INFILE', 'filter' => 'infile'),
'having' => array('caption' => 'HAVING', 'filter' => 'having'),
'truncate' => array('caption' => 'TRUNCATE', 'filter' => 'truncate'),
'insert' => array('caption' => 'INSERT','filter' => 'insert'),
'update' => array('caption' => 'UPDATE','filter' => 'update'),
'delete' => array('caption' => 'DELETE','filter' => 'delete'),
'droptable' => array('caption' => 'DROPTABLE','filter' => 'droptable'),
'case' => array('caption' => 'CASE', 'filter' => 'case'),
),
'operators' => array(
'and' => array('caption' => 'AND','filter' => 'and'),
'&&' => array('caption' => '&&','filter' => '&&'),
'or' => array('caption' => 'OR','filter' => 'or'),
'||' => array('caption' => '||','filter' => '\|\|'),
'=' => array('caption' => '=', 'filter' => '='),
'<>' => array('caption' => '<>', 'filter' => '<>'),
'like' => array('caption' => 'LIKE','filter' => 'like'),
'is' => array('caption' => 'IS','filter' => 'is'),
'not' => array('caption' => 'NOT','filter' => 'not'),
'if' => array('caption' => 'IF','filter' => 'if'),
'null' => array('caption' => 'NULL','filter' => 'null')
),
'functions' => array(
'benchmark' => array('caption' => 'BENCHMARK','filter' => 'benchmark'),
'hex' => array('caption' => 'HEX','filter' => 'hex'),
'unhex' => array('caption' => 'UNHEX','filter' => 'unhex'),
'substr' => array('caption' => 'SUBSTR','filter' => 'substr'),
'mid' => array('caption' => 'MID','filter' => 'mid'),
'extractvalue' => array('caption' => 'ExtractValue','filter' => 'extractvalue'),
'concat' => array('caption' => 'CONCAT', 'filter' => 'concat'),
'concat_ws' => array('caption' => 'CONCAT_WS','filter' => 'concat_ws'),
'group_concat' => array('caption' => 'GROUP_CONCAT','filter' => 'group_concat'),
'mod' => array('caption' => 'MOD','filter' => 'mod'),
'load_file' => array('caption' => 'LOAD_FILE','filter' => 'load_file'),
'cast' => array('caption' => 'CAST', 'fitler' => 'cast'),
),
'misc' => array(
'--' => array('caption' => '--','filter' => '--'),
'#' => array('caption' => '#','filter' => '#'),
'/*' => array('caption' => '/*','filter' => '\/\*'),
)
);
if (!empty($_POST)) {
$case = (isset($_POST['case'])) ? $_POST['case'] : 'lower';
$method = (isset($_POST['method'])) ? $_POST['method'] : 'string';
$injection = $_POST['injection'];
$mods = '';
if ($case == 'both') { $mods .= 'i'; }
$parts = array();
if (isset($_POST['filter'])) {
foreach ($_POST['filter'] as $type => $keyword) {
foreach ($keyword as $k => $state) {
$key = $filter[$type][$k]['filter'];
if ($case == 'upper') {
$used[$k] = strtoupper($key);
$parts[] = strtoupper($key);
} elseif ($case == 'lower') {
$used[$k] = strtolower($key);
$parts[] = strtolower($key);
} else {
$used[$k] = $key;
$parts[] = $key;
}
}
}

$filters = implode('|',$parts);

#if ($method == 'integer') { $used['\''] = '\\\''; $used['\"'] = '\\\"'; $filters .= '|\'|\"'; }
if ($method == 'integer') { $used['\''] = '\\\''; $user['\"'] = '\\\"'; $filters .= '|\'|\"'; }

if (preg_match_all("/{$filters}/{$mods}", $injection, $matches)) {
$matched = array();
for ($i = 0;$i <= (sizeof($matches[0])-1);$i++) {
$matched[] = $used[strtolower($matches[0][$i])];
}
$matched = implode('|', $matched);
$injection = preg_replace("/({$matched})/{$mods}", '<span style="color:red;">\1</span>', $injection);
$triggers = array_unique($matches[0]);
$triggers = implode(', ', $triggers);
if ($method == 'string') {
$query = "SELECT * FROM table WHERE column = '{$injection}'";
} else {
$query = "SELECT * FROM table WHERE column = {$injection}";
}
echo "<hr><h2>Result: Filtered</h2><strong>Triggers:</strong> {$triggers}<br /><br />{$query}<hr>";
} else {
if ($method == 'string') {
$query = "SELECT * FROM table WHERE column = '{$injection}'";
} else {
$query = "SELECT * FROM table WHERE column = {$injection}";
}
echo "<hr><h2>Result: Passed</h3>{$query}<hr>";
}
} else {
if ($method == 'integer') {
if (!isset($filters)) { $used['\''] = '\\\''; $user['\"'] = '\\\"'; $filters = '|\'|\"'; }
if (preg_match_all("/{$filters}/{$mods}", $injection, $matches)) {
$matched = array();
for ($i = 0;$i <= (sizeof($matches[0])-1);$i++) {
if (isset($used[strtolower($matches[0][$i])])) {
$matched[] = $used[strtolower($matches[0][$i])];
}
}
$matched = implode('|', $matched);
$triggers = array_unique($matches[0]);
$triggers = implode(', ', $triggers);
$injection = preg_replace("/({$matched})/{$mods}", '<span style="color:red;">\1</span>', $injection);
if ($method == 'string') {
$query = "SELECT * FROM table WHERE column = '{$injection}'";
} else {
$query = "SELECT * FROM table WHERE column = {$injection}";
}
echo "<hr><h2>Result: Filtered</h2><strong>Triggers:</strong> {$triggers}<br /><br />{$query}<hr>";
}
} else {
if ($method == 'string') {
$query = "SELECT * FROM table WHERE column = '{$injection}'";
} else {
$query = "SELECT * FROM table WHERE column = {$injection}";
}
echo "<hr><h2>Result: Passed</h2>{$query}<hr>";
}
}
}
?>
<form name="keywords" method="post" action="">
<input type="text" name="injection" style="width:500px;" autofocus="true" value="<?php echo (isset($_POST['injection'])) ? $_POST['injection'] : ''; ?>">
<input type="submit" value="Execute"><br />
<?php $case = (isset($_POST['case'])) ? $_POST['case'] : 'both'; ?>
<?php $method = (isset($_POST['method'])) ? $_POST['method'] : 'string'; ?>
Case: <input type="radio" name="case" value="both"<?php echo ($case == 'both') ? ' checked' : ''; ?>> Any
<input type="radio" name="case" value="lower"<?php echo ($case == 'lower') ? ' checked' : ''; ?>> Lowecase
<input type="radio" name="case" value="upper"<?php echo ($case == 'upper') ? ' checked' : ''; ?>> Uppercase<br />
Method: <input type="radio" name="method" value="string"<?php echo ($method == 'string') ? ' checked' : ''; ?>> String
<input type="radio" name="method" value="integer"<?php echo ($method == 'integer') ? ' checked' : ''; ?>> Integer<br />
Predefined filters: <select onchange="setPredefined()" id="predefined">
<option>Predefined</option>
<option value="1">AND, OR, NULL, WHERE, WHILE</option>
<option value="2">UNION, SELECT, FROM, HAVING</option>
<option value="5">UNION, SELECT, FROM, WHERE</option>
<option value="3">INTO, FILE, CASE</option>
<option value="4">GROUP BY, ORDER BY, HAVING, LIMIT</option>
</select>
<table border="1" cellpadding="4" cellspacing="0" style="border:1px solid #000000;border-collapse:collapse;width:600px;">
<thead>
<th style="width:25%;">SYNTAX</th>
<th style="width:20%;">OPERATORS</th>
<th style="width:30%;">FUNCTIONS</th>
<th style="width:25%;">MISC</th>
</thead>
<tbody>
<tr>
<td valign="top">
<?php
foreach($filter['syntax'] as $key => $keyword) {
$checked = (isset($_POST['filter']['syntax'][$key])) ? ' checked' : '';
$id = "syntax_{$key}";
echo "<input type=\"checkbox\" id=\"{$id}\" name=\"filter[syntax][{$key}]\"{$checked}> {$keyword['caption']}<br />\n";
}
?>
</td>
<td valign="top">
<?php
foreach($filter['operators'] as $key => $keyword) {
$checked = (isset($_POST['filter']['operators'][$key])) ? ' checked' : '';
$id = "operators_{$key}";
echo "<input type=\"checkbox\" id=\"{$id}\" name=\"filter[operators][{$key}]\"{$checked}> {$keyword['caption']}<br />\n";
}
?>
</td>
<td valign="top">
<?php
foreach($filter['functions'] as $key => $keyword) {
$checked = (isset($_POST['filter']['functions'][$key])) ? ' checked' : '';
$id = "functions_{$key}";
echo "<input type=\"checkbox\" id=\"{$id}\" name=\"filter[functions][{$key}]\"{$checked}> {$keyword['caption']}<br />\n";
}
?>
</td>
<td valign="top">
<?php
foreach($filter['misc'] as $key => $keyword) {
$checked = (isset($_POST['filter']['misc'][$key])) ? ' checked' : '';
$id = "misc_{$key}";
echo "<input type=\"checkbox\" id=\"{$id}\" name=\"filter[misc][{$key}]\"{$checked}> {$keyword['caption']}<br />\n";
}
?>
</td>
</tr>
</tbody>
</table>
</form>
<script language="javascript">
var setPredefined = function() {
e = document.getElementById('predefined')
selected = e.value

uncheckAll();
check = new Array();
switch (e.value) {
case '1':
check = ['syntax_where', 'syntax_limit', 'operators_and', 'operators_or', 'operators_null'];
break;
case '2':
check = ['syntax_union', 'syntax_select', 'syntax_from', 'syntax_having'];
break;
case '3':
check = ['syntax_into', 'syntax_file', 'syntax_case']
break;
case '4':
check = ['syntax_group_by', 'syntax_order_by', 'syntax_having', 'syntax_limit']
break;
case '5':
check = ['syntax_union', 'syntax_select', 'syntax_from', 'syntax_where'];
break;
}

for (var i=0; i < check.length; i++) {
el = document.getElementById(check[i]);
el.checked = true;
}
}

var uncheckAll = function() {
var inputs = new Array();
inputs = document['keywords'].getElementsByTagName('input');

for (var i=0; i < inputs.length; i++) {
if (inputs[i].type == 'checkbox') {
inputs[i].checked = false;
}
}
}
</script>
</body>
</html>



Changelog

v0.4
- Modified the design
- Bug fixes
- Added new filter keywords:
- INTO, FILE, OUTFILE, INFILE, HAVING, NULL, CAST, CASE, TRUNCATE, INSERT, UPDATE, DELETE, DROPTABLE
- Added predefined filters:
- AND, OR, NULL, WHERE, WHILE
- UNION, SELECT, FROM, HAVING
- UNION, SELECT, FROM, WHERE
- INTO, FILE, CASE
- GROUP BY, ORDER BY, HAVING, LIMIT

v0.3
- Added new filter keywords: MOD
- Added separation on string and integer
- Minor bugfix

v0.2
- Cleaned up the design
- Added new filter keywords: <>, IS, NOT, WAIT FOR

v0.1
- Quick draft just to get something working

Enjoy
- Happy Hacking!


Διαβάστε Περισσότερα »

21 Ιουνίου 2017

Εγκατάσταση Php,Apache,Sql στον υπολογιστή μας







Είναι πολύ χρήσιμο να έχουμε εγκατεστημένα στον υπολογιστή μας τα εξής:Php,MySql,Apache server για να μπορούμε άνετα να κάνουμε τις δοκιμές με php και βάσεις δεδομένων.

Αυτό μπορεί να γίνει πολύ εύκολα κατεβάζοντας το πακέτο EasyPhp απο τον παρακάτω σύνδεσμο
http://www.easyphp.org/download.php και το εγκαθιστούμε με τον ίδιο τρόπο όπως όλα τα προγράμματα στα windows.

Ανοίγουμε τώρα έναν editor για να κάνουμε το πρώτο πείραμα.

ΚΏΔΙΚΑΣ:



My first page in PHP


Current date. :




...και σώζουμε το script με την ονομασία test.php στον φάκελλο WWW.

Παράθεση:
Σημαντικό:Όλα τ'αρχεία πρέπει να βρίσκονται στον φάκελλο C:\Program Files\EasyPHP1-8\www


Στην συνέχεια ανοίγουμε έναν browser και πληκτρολογούμε στην διεύθυνση Url: localhost/test.php

Παράθεση:
Προσοχή:Το πακέτο EasyPhp πρέπει να είναι ενεργοποιημένο και να βλέπουμε το εικονίδιο στο Taskbar

Πλέον η php δουλεύει και στον υπολογιστή μας μέσω του Apache Server.

via: wdf.gr
Διαβάστε Περισσότερα »

18 Ιανουαρίου 2017

Λίστα με dorks για sql injection



Mερικά dorks τα οποία μπορούμε να τα βάλουμε στο google και να κάνουμε αναζήτηση για ευπαθείς σελίδες στην sql injection.




inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=d=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?av
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl: info.php?id=
inurl : pro.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:shop+php?id+site:fr
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: ilesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()
inurl:index.php?id=
inurl:trainers.php?id=
inurl:login.asp
index of:/admin/login.asp
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:produit.php?id=+site:fr
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
 

inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
Διαβάστε Περισσότερα »

2 Ιανουαρίου 2017

ParanoicScan



Vulnerability Scanner

As the first program of 2014 I bring you the new version of my ParanoicScan in its version 1.7, while some people stole the source code of the previous version of this program code, the issue is that not bother me that you used the code but only changed him the program name and the name of the author did not bother to change the names of the variables only changed the name of the author, for a moment hesitate to continue to share the code of this 2-year project working but despite that I continue to share the code of this program, besides explorer (of perlenespanol) recommended me to do another version of this program was to demonstrate that the real author so that the program has the dual function and arrange countless bugs that were in all the code.


[++] Old Options


Google & Bing Scanner that also scan :

XSS

SQL GET / POST

SQL GET

SQL GET + Admin

Directory listing

MSSQL

Jet Database

Oracle

LFI

RFI

Full Source Discloure

HTTP Information

SQLi Scanner

Bypass Admin

Exploit FSD Manager

Paths Finder

IP Locate

Crack MD5

Panel Finder

Console


[++] Fixes


[+] Refresh of existing pages to crack md5
[+] Error scanner fsd
[+] Http error scanner scan
[+] Spaces between text too annoying
[+] Added array to bypass
[+] Failed to read from file


[++] New options


[+] Generate all logs in a html file
[+] Incorporates random and new useragent
[+] Multi encoder / decoder :

Ascii

Hex

Url

Bin To Text & Text To Bin


[+] PortScanner
[+] HTTP FingerPrinting
[+] CSRF Tool
[+] Scan XSS
[+] Generator for XSS Bypass
[+] Generator links to tiny url
[+] Finder and downloader exploits on Exploit-DB
[+] Mysql Manager
[+] Tools LFI


An image :



An video :

Available for download here :


https://github.com/DoddyHackman/ParanoicScan
https://code.google.com/p/paranoicscan/source/browse/
https://sourceforge.net/projects/paranoicscan/?source=directory
http://pastebin.com/yKfJhCT2


Perl Updated a year ago
Python/ParanoicScan 0.4 Updated a year ago
Zip Updated a year ago
.gitattributes Vulnerability Scanner 3 years ago
.gitignore Vulnerability Scanner 3 years ago
README.md

Good Bye
Διαβάστε Περισσότερα »

31 Δεκεμβρίου 2016

Hacking Resources



Disclosures

Application Logic

06/18/2013 - https://labs.spotify.com/2013/06/18/creative-usernames/ - Creative usernames and Spotify account hijacking
06/26/2013 - Hijacking a Facebook Account with SMS - https://whitton.io/articles/hijacking-a-facebook-account-with-sms/
03/25/2014 - Phabricator Bypass auth.email-domains - https://hackerone.com/reports/2233
05/15/2016 - The Bank Job - https://boris.in/blog/2016/the-bank-job/
05/19/2016 - InstaBrute: Two Ways to Brute-force Instagram Account Credentials - https://www.arneswinnen.net/2016/05/instabrute-two-ways-to-brute-force-i...
06/06/2016 - Trello bug bounty: Payments informations are sent to the webhook - https://hethical.io/trello-bug-bounty-payments-informations-are-sent-to-...
06/07/2016 - Pwning Pornhub (memcache) - https://blog.zsec.uk/pwning-pornhub/
07/01/2016 - Magento – Re-Installation & Account Hijacking Vulnerabilities - http://netanelrub.in/2016/07/01/magento-re-installation-account-hijackin...
08/08/2016 - Free way to Facebook Freebooting | Hacking Rights Manager - http://www.7xter.com/2016/08/free-way-to-facebook-freebooting.html
08/16/2016 - Google Chrome, Firefox Address Bar Spoofing Vulnerability - http://www.rafayhackingarticles.net/2016/08/google-chrome-firefox-addres...
08/18/2016 - How I hacked an Android App to Get Free Beer - https://breakdev.org/how-i-hacked-an-android-app-to-get-free-beer/
09/02/2016 - Response To Request Injection (RTRI) - https://www.bugbountyhq.com/front/latestnews/dWRWR0thQ2ZWOFN5cTE1cXQrSFZ...

Authentication

04/27/2016 - Microsoft Office 365 SAML Bypass - http://www.economyofmechanism.com/office365-authbypass.html
04/28/2016 - Slack bot token leakage exposing business critical information - https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-b...
06/01/2016 - Taking over Heroku accounts - http://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html
10/20/2016 - Slack, a Brief Journey to Mission Control - http://secalert.net/slack-security-bug-bounty.html
11/02/2016 - Bypassing Two-Factor Authentication on OWA & Office365 Portals - http://www.blackhillsinfosec.com/?p=5396

CORS/CSP

04/04/2016 - CSP: bypassing form-action with reflected XSS - https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-ref...
12/16/2016 - Exploiting Misconfigured CORS (Cross Origin Resource Sharing) - http://www.geekboy.ninja/blog/exploiting-misconfigured-cors-cross-origin...

CSRF

05/17/2016 - How I bypassed Facebook CSRF in 2016 - http://pouyadarabi.blogspot.ca/2016/05/how-i-bypassed-facebook-csrf-in-2...
19/07/2016 - Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) - https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-pic...
26/10/2016 - Google Spreadsheet Vuln - CSRF and JSON Hijacking allows data theft - https://www.rodneybeede.com/Google_Spreadsheet_Vuln_-_CSRF_and_JSON_Hija...

CSV Injection

29/01/2013 - Cell Injection: Attacking the End User Through the Application - http://blog.7elements.co.uk/2013/01/cell-injection.html
04/17/2016 - CSV Injection in business.uber.com - http://blog.daviddworken.com/posts/csv-injection-in-businessubercom/

HPP

08/23/2015 - Twitter HPP vulnerability unsubscribing from emails - http://www.merttasci.com/blog/twitter-hpp-vulnerability/
12/03/2015 - Parameter Tampering Attack on Twitter Web Intents - https://ericrafaloff.com/parameter-tampering-attack-on-twitter-web-intents/
02/02/2016 - Bypassing Digits web authentication's host validation with HPP - https://hackerone.com/reports/114169

Host Header Injection
09/06/2016 - Internet Explorer has a URL Problem - http://blog.innerht.ml/internet-explorer-has-a-url-problem/
10/24/2016 - Combining Host Header Injection and Lax Host Parsing Service Malicious Data - https://labs.detectify.com/2016/10/24/combining-host-header-injection-an...

IDOR

06/23/2016 - UBER HACKING: HOW WE FOUND OUT WHO YOU ARE, WHERE YOU ARE AND WHERE YOU WENT! - https://labs.integrity.pt/articles/uber-hacking-how-we-found-out-who-you...
06/23/2016 - Facebook's Bug - Delete any video from Facebook - http://www.pranavhivarekar.in/2016/06/23/facebooks-bug-delete-any-video-...
08/25/2016 - How I Could Have Hacked Multiple Facebook Accounts - https://medium.com/@gurkiratsingh/how-i-could-have-hacked-multiple-faceb...
11/22/2016 - You get a UUID! You get a UUID! Everybody gets a UUID! - http://www.rohk.xyz/uber-uuid/

Information Disclosure

12/21/2016 - Disclosing the primary email address for each Facebook user - http://www.dawgyg.com/2016/12/21/disclosing-the-primary-email-address-fo...

SSRF

04/18/2016 - ESEA Server-Side Request Forgery and Querying AWS Meta Data - http://buer.haus/2016/04/18/esea-server-side-request-forgery-and-queryin...
02/23/2016 - FFMPEG File Disclosure - https://github.com/ctfs/write-ups-2015/tree/master/9447-ctf-2015/web/sup...
Trello Bug BOunty Access Servier Files Using Imagetragick - https://hethical.io/trello-bug-bounty-access-servers-files-using-imagetr...

SSTI

04/25/2016 - Adapting AngularJS Payloads to Exploit Real World Applications - http://blog.portswigger.net/2016/04/adapting-angularjs-payloads-to-explo...

Reverse Engineering

04/19/2016 - Digging into a Facebook Worm -https://gist.githubusercontent.com/phwd/0ec21c6289543f35135e17aa11f7dec1...
07/01/2016 - How I Cracked a Keylogger and Ended Up in Someone's Inbox - https://www.trustwave.com/Resources/SpiderLabs-Blog/How-I-Cracked-a-Keyl...
11/14/2016 - Hacking Team Back For Your Androids - http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/

Relative Path Overwrite

03/21/2014 - Relative vs Absolute - http://www.thespanner.co.uk/2014/03/21/rpo/
02/17/2015 - Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities - http://blog.portswigger.net/2015/02/prssi.html
07/03/2016 - RPO Gadgets - http://blog.innerht.ml/rpo-gadgets/

XSS

07/06/2010 - Facebook XSS via Cross-Origin Resource Sharinghttp://maustin.net/2010/07/06/facebook_html5.html
02/14/2013 - How I got the Bug Bounty for Mega.co.nz XSS - https://labs.detectify.com/2013/02/14/how-i-got-the-bug-bounty-for-mega-...
04/22/2015 - XSS via Host header - www.google.com/cse - http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html
12/08/2015 - Creative bug which result Stored XSS on m.youtube.com - http://sasi2103.blogspot.ca/2015/12/creative-bug-which-result-stored-xss...
04/17/2016 - XSS in pypi (and Uber!) - http://blog.daviddworken.com/posts/xss-in-pypi-and-uber/
04/17/2016 - XSS in getrush.uber.com - http://blog.daviddworken.com/posts/xss-in-getrushubercom/
04/19/2016 - Using a Braun Shaver to Bypass XSS Audit and WAF - https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-...
05/09/2016 - XSS and RCE, domain takeover with remote loaded JS - http://brutelogic.com.br/blog/xss-and-rce/
06/13/2016 - Embedding XSS in SVG files - http://bini.tech/wordpress-remote-upload-unrestricted-file-upload/
07/02/2016 - OneDrive: an easter egg into MS library - XSS on Microsoft and not only - https://luc10.github.io/onedrive-an-easter-egg-into-ms-library/
07/04/2016 - Apple and the 5 XSSes - http://strukt93.blogspot.ca/2016/07/apple-and-5-xsses.html
07/19/2016 - Instagram Reflected XSS in Link Shim - http://ameeras.me/Instagram-Reflected-XSS-in-Link-Shim/
07/19/2016 - Blind XSS in Spotify - https://mhmdiaa.github.io/jekyll/update/2016/07/19/blind-xss-in-spotify....
07/22/2016 - United to XSS United - http://strukt93.blogspot.ca/2016/07/united-to-xss-united.html
08/29/2016 - Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded - https://httpsonly.blogspot.ca/2016/08/turning-self-xss-into-good-xss-v2....
08/31/2016 - Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter - https://thehackerblog.com/breaching-a-ca-blind-cross-site-scripting-bxss...
09/19/2016 - Combination of techniques lead to DOM Based XSS in Google - http://sasi2103.blogspot.ca/2016/09/combination-of-techniques-lead-to-do...
12/07/2016 - Stored XSS Affecting All Fantasy Sports on Yahoo - http://dawgyg.com/2016/12/07/stored-xss-affecting-all-fantasy-sports-fan...

XXE

06/25/2014 - Identifying Xml eXternal Entity vulnerability (XXE) in GPX files - http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html
03/21/2015 - XML External Entity (XXE) Injection in Apache Batik Library [CVE-2015-0250] - https://www.insinuator.net/2015/03/xxe-injection-in-apache-batik-library...
08/14/2015 - XXE ALL THE THINGS!!! (INCLUDING APPLE IOS’S OFFICE VIEWER) - https://labs.integrity.pt/articles/xxe-all-the-things-including-apple-io...

CRLF

03/15/2015 - Parse.com - X-Forwarded-Host Injection - Bypass secure & HTTP_only Vulnerability - https://www.youtube.com/watch?v=1yUw7rtTTeI

Remote Code Execution

12/09/2013 - Remote Code Execution exploit in WordPress 3.5.1 - https://tom.vg/2013/12/wordpress-rce-exploit/
02/15/2015 - RCE in Oracle NetBeans Opensource Plugins: PrimeFaces 5.x Expression Language Injection - http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource...
11/06/2015 - Java unserialization - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss...
11/12/2015 - XSS to Remote Code Execution with HipChat - http://maustin.net/2015/11/12/hipchat_rce.html
05/04/2016 - Remote Code Execution via ImageMagick - http://pastebin.com/aE4sKnCg (file)
05/10/2016 - Exploiting ImageMagick on Polyvore (Yahoo) - http://nahamsec.com/exploiting-imagemagick-on-yahoo/
07/22/2016 - Exploiting Java Deserialization via JBoss - https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserializati...
07/25/2016 - CVE-2016-5840: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability - http://www.korpritzombie.com/cve-2016-5840-trend-micro-deep-discovery-ho...
08/15/2016 - Jetbrains IDE Remote Code Execution and Local File Disclosure - http://blog.saynotolinux.com/blog/2016/08/15/jetbrains-ide-remote-code-e...
08/24/2016 - The Million Dollar Dissident - https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-...
09/21/2016 - pwn them for learn -http://bugdisclose.blogspot.ca/2016/09/pwn-them-for-learn.html
10/26/2016 - Details on the Privilege Escalation Vulnerability in Joomla - https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vuln...

Memory Related

5/13/2016 - 7-Zip vulnerabilities found by Talos - http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

Source Code Disclosure

03/27/2016 - A tale of an interesting source code leak - http://secalert.net/#scl-soh
07/19/2016 - Accessing PornHub's SVN repo - https://hackerone.com/reports/72243
07/22/2016 - Twitter's Vine Source code dump - https://avicoder.me/2016/07/22/Twitter-Vine-Source-code-dump/
10/14/2016 - Importance of up-to-date application usage plus complex password OR from directory traversal to admin panel takeover - http://zuh4n.blogspot.ca/

SQLi

12/20/2016 - Flickr from SQLi to RCE - https://pwnrules.com/flickr-from-sql-injection-to-rce/
07/25/2016 - SQL Injection on sctrack.email.uber.com.cn - https://hackerone.com/reports/150156

Subdomain Takeover

10/21/14 - Hostile Subdomain Takeover using Heroku/Github/Desk + more - https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-h...
12/08/14 - Hijacking of abandoned subdomains part 2 - https://labs.detectify.com/2014/12/08/hijacking-of-abandoned-subdomains-...
07/26/16 - Uber Subdomain Takeover - http://blog.eseccyber.tech/article/uber.html
09/05/2016 - How I was able to read Uber logs and internal emails - http://blog.pentestnepal.tech/post/149985438982/how-i-was-able-to-read-u...

HTML Injection

07/26/2016 - Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection - https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-...

OAuth

02/07/2014 - How I Hacked GitHub Again. - http://homakov.blogspot.ca/2014/02/how-i-hacked-github-again.html
07/20/2015 - Bypassing Google Authentication on Periscope's Administration Panel - https://whitton.io/articles/bypassing-google-authentication-on-periscope...
01/04/2016 - Bypassing callback_url validation on Digits - https://hackerone.com/reports/108113
02/29/2016 - Swiping Facebook Official Access Tokens - http://philippeharewood.com/swiping-facebook-official-access-tokens/
04/03/2016 - Obtaining Login Tokens for Outlook, Office or Azure (OAuth) - https://whitton.io/articles/obtaining-tokens-outlook-office-azure-account/
06/16/2016 - Bypass Disabled Client OAuth Login in Facebook Pages Manager App - http://philippeharewood.com/bypass-disabled-client-oauth-login-in-facebo...
10/13/2016 - CVE-2016-4977: RCE in Spring Security OAuth - http://secalert.net/#CVE-2016-4977

Mobile

04/12/2015 - Shopify android client all API request's response leakage - https://hackerone.com/reports/56002
07/26/2016 - Odnoklassniki Android application vulnerabilities - https://hackerone.com/reports/97295

Browser
12/06/16 - Firefox - SVG cross domain cookie vulnerability - https://insert-script.blogspot.ca/2016/12/firefox-svg-cross-domain-cooki...


CTF Writeups

03/03/2013 - Unauthorized Access: Bypassing PHP strcmp() - http://danuxx.blogspot.ca/2013/03/unauthorized-access-bypassing-php-strc...
06/09/2016 - Hack in the Box 2016 – MISC400 Writeup (Part 1) - http://rileykidd.com/2016/06/09/hack-in-the-box-2016-misc400-writeup-par...
10/03/2016 - Hacking the Hard Way at the Derbycon CTF - https://labs.signalsciences.com/hacking-the-hard-way-at-the-derbycon-ctf...
BSides Ottawa CTF - Second Place! - https://blog.fletchto99.com/2016/october/bsides-ottawa/
2016 Hack the Vote - https://github.com/ctfs/write-ups-2016/tree/master/hack-the-vote-ctf-2016
Resources

XXE Payloads in iOS - http://en.hackdig.com/08/28075.htm
Burp Tutorials - https://vimeo.com/album/3510171
Facebook CTF - https://github.com/facebook/fbctf
SSRF Bible - https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa...
Jerry Gamblin Hacking Blog - http://jerrygamblin.com/category/hacking
Filedescriptor XSS Polygots - http://polyglot.innerht.ml/
prompt.ml XSS Challenge - https://github.com/cure53/XSSChallengeWiki/wiki/prompt.ml#hidden-level--1
Hacking with Unicode - https://speakerdeck.com/mathiasbynens/hacking-with-unicode-in-2016
Programming Practice (paid premium) - https://coderbyte.com/
Online CTF Practice challenges - https://backdoor.sdslabs.co
Nicolas Grégoire Burp Pro Tips - http://www.agarri.fr/docs/HiP2k13-Burp_Pro_Tips_and_Tricks.pdf
Open Security Training - http://opensecuritytraining.info/
OWASP Mutillidae II Web Pen-Test Practice Application - https://sourceforge.net/projects/mutillidae/
DNS - https://haxpo.nl/haxpo2015ams/wp-content/uploads/sites/4/2015/04/D1-P.-M...
XSS without HTML: Client-Side Template Injection with AngularJS - http://blog.portswigger.net/2016/01/xss-without-html-client-side-templat...
File Upload XSS - http://brutelogic.com.br/blog/file-upload-xss/
CSV Injection Mitigations - https://blog.zsec.uk/csv-dangers-mitigations/
Comma Separated Vulnerabilities - http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
Running your own anonymous rotating proxies - http://blog.databigbang.com/running-your-own-anonymous-rotating-proxies/
Reviewing bug bounties - a hacker's perspective - http://www.skeletonscribe.net/2016/08/reviewing-bug-bounties-hackers.html
Practical HTTP Host Header Attacks - http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks...
Practice CTF List / Permanant CTF List - https://captf.com/practice-ctf/
lcamtuf's blog - https://lcamtuf.blogspot.ca/
Backup File Artifacts - http://blog.mazinahmed.net/2016/08/backup-file-artifacts.html
Unicode Character 'PILE OF POO' - http://www.fileformat.info/info/unicode/char/1F4A9/index.htm
Decompile and Recompile Android APK - https://blog.bramp.net/post/2015/08/01/decompile-and-recompile-android-apk/
Frans Rosen - Time Based Captcha Protected SQLi - http://www.slideshare.net/fransrosen/time-based-captcha-protected-sql-in...
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy - https://research.google.com/pubs/pub45542.html
How to View TLS Traffic in Android’s Logs - https://blog.securityevaluators.com/how-to-view-tls-traffic-in-androids-...
https://url.spec.whatwg.org/
AngularJS Sandbox Escapes Explained - https://www.reddit.com/r/angularjs/comments/557bhr/xss_in_angularjs_vide...
Senate Republicans were skimmed for six months, quietly fix store - https://gwillem.github.io/2016/10/04/how-republicans-send-your-credit-ca...
Introduction to OSINT: Recon-ng Tutorial - https://strikersecurity.com/blog/getting-started-recon-ng-tutorial/
Exploiting CORS misconfigurations - http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-fo...
Abusing Dorking and Robots.txt - http://sten0.ghost.io/2016/10/13/abusing-dorking-and-robots-txt/
Brute Logic XSS Challenge I - http://brutelogic.com.br/blog/xss-challenge-i/
How Google and Bing Protect their APIs - https://rudk.ws/2016/10/23/how-google-and-bing-protects-their-api/
Free Dev Books - https://devfreebooks.github.io/
IOS Application Security Review Methodology - http://research.aurainfosec.io/ios-application-security-review-methodology/
Anatomy of a Subtle JSON Vulnerability - http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerabi...
Finding XSS Slidedeck - http://slides.com/mscasharjaved/deck-13#/
XSS Polyglots - https://blog.bugcrowd.com/xss-polyglots-the-context-contest?utm_campaign...
Bypassing Saml 2.0 SSO - http://research.aurainfosec.io/bypassing-saml20-SSO/
Bypassing CSP using polyglot jpegs - http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
Facebook Graphql Crash Course - https://www.facebook.com/notes/phwd/a-facebook-graphql-crash-course/1189...
New XXSI Vector Untold Merits of nosniff - https://www.hurricanelabs.com/blog/new-xssi-vector-untold-merits-of-nosniff
Research papers

Minded Security Expression Language Injection Paper - https://www.mindedsecurity.com/fileshare/ExpressionLanguageInjection.pdf
Sandboxing JavaScript in the Browser - https://var.thejh.net/thesis_excerpt.pdf
Does The Online Card Payment Landscape Unwittingly Facilitate Fraud? - http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-...
Online Courses / Training

Cyber Security Base with F-Secure is a free course series by University of Helsinki - https://cybersecuritybase.github.io/
Vulnerable Web Applications for Learning - https://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applica...
Jame Kettle's hackxor - http://hackxor.sourceforge.net/cgi-bin/index.pl#demo
Google XSS Game - https://xss-game.appspot.com/
Google DOM Based XSS - https://public-firing-range.appspot.com/address/index.html
Code Lab: Web Application Exploits and Defenses - https://google-gruyere.appspot.com/
Cheat Sheets

Path Traversal Cheat Sheet Linux - https://www.gracefulsecurity.com/path-traversal-cheat-sheet-linux/
XXE - https://www.gracefulsecurity.com/xxe-cheatsheet/
HTML5 Security Cheat Sheet - https://html5sec.org/
Brute XSS Cheat Sheet - http://brutelogic.com.br/blog/cheat-sheet/
MySQL SQL Injection Cheat Sheet - http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-c...
AngularJS Sandbox Bypass Collection (includes 1.5.7) - http://pastebin.com/xMXwsm0N
Java Deserialization - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
Penetration testing tools cheat sheet - https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
OAuth - https://github.com/homakov/oauthsecurity
Burp How Tos

http://security-geek.in/2014/08/22/using-burp-suite-to-brute-force-http-...
Tools

Discovery
https://github.com/OJ/gobuster
Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines - https://github.com/aboul3la/Sublist3r
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible - https://github.com/ChrisTruncer/EyeWitness
Smart content discovery burp plugin with context awareness - https://github.com/pathetiq/BurpSmartBuster
An automated tool that checks for backup artifacts that may discloses the web-application's source code - https://github.com/mazen160/bfac

Recon-ng
Recon-ng + Google Dorks + Burp = ... - https://averagesecurityguy.github.io/2016/10/21/recon-ng-dorks-burp/

Port Scanning
Resolve and quickly portscan a list of (sub)domains - https://github.com/melvinsh/subresolve

Mobile
JD-GUI, a standalone graphical utility that displays Java sources from CLASS files. - https://github.com/java-decompiler/jd-gui
Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis and web API testing - https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning - https://github.com/Fuzion24/JustTrustMe
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps - https://github.com/nabla-c0d3/ssl-kill-switch2
Android APK Tool - https://ibotpeaches.github.io/Apktool/
Android Dex2Jar - https://github.com/pxb1988/dex2jar

Decompiler
JPEXS Free Flash Decompiler - https://github.com/jindrapetrik/jpexs-decompiler
Flashbang, find theflashVars of a naked SWF and display them - https://github.com/cure53/Flashbang

Java Deserialization
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization - https://github.com/frohoff/ysoserial

Password Cracking
John the Ripper - http://www.openwall.com/john/

Hash Cracking
Online Hash Crack - http://www.onlinehashcrack.com/
CyberChef - https://gchq.github.io/CyberChef/

Vulnerability SaaS
SSRF Detector - https://ssrfdetector.com/
XSSHunter - https://xsshunter.com



via: www.torontowebsitedeveloper.com
Διαβάστε Περισσότερα »

28 Ιουλίου 2016

Είναι το web site σας ασφαλές σε SQL Injection επιθέσεις;




Σύμφωνα με το Wikipedia, το SQL injection είναι μια τεχνική κώδικα injection η οποία ‘εκμεταλλεύεται’ ένα αδύναμο σημείο ασφάλειας που λαμβάνει χώρα στο επίπεδο της βάσης δεδομένων μιας εφαρμογής.


Η ευπάθεια είναι παρούσα όταν η εγγραφή χρήστη έχει φιλτραριστεί λανθασμένα από χαρακτήρες ενσωματωμένους σε SQL statements ή η εγγραφή του χρήστη δεν είναι έντονα δακτυλογραφημένη και έτσι έχουμε ως αποτέλεσμα τη μη σωστή ‘εκτέλεση’ τους. Είναι ένα παράδειγμα μιας περισσότερο γενικότερης κατηγορίας αδύναμων σημείων που μπορεί να συμβεί όταν μια γλώσσα προγραμματισμού είναι μέσα σε μία άλλη. Tα SQL injection attacks είναι γνωστά κ ως SQL insertion attacks. Με απλούς όρους, ο εισβολέας μπορεί να δημιουργήσει μια συγκεκριμένη διεύθυνση URL στο πεδίο ενός website ή web application και να αποσπάσει σημαντικές πληροφορίες από τη βάση δεδομένων όπως το σχέδιο, το σχήμα της βάσης δεδομένων, τις δομές στήλης ή αρχεία τα οποία ενδέχεται να περιέχουν πολύ σημαντικές πληροφορίες, όπως ονόματα χρηστών και κωδικούς. Μια μελέτη δείχνει ότι πάνω από το 60% των web applications που χρησιμοποιούν δυναμικό περιεχόμενο είναι μάλλον ευάλωτα σ’αυτού του είδους την επίθεση. Για να ελέγξετε, αν το website ή το web application σας είναι επιρρεπές στην ‘επίθεση’ αυτή, ακολουθήστε τις απλές οδηγίες παρακάτω:

1. Βρείτε μια διεύθυνση URL στο website ή στο web application σας που μοιάζει με την παρακάτω μορφή:


http://www.yoursite.com/page.php?id=1




2. Έπειτα, τροποποιήστε τη διεύθυνση URL προσθέτοντας το σημείο » ‘ » χωρίς τα εισαγωγικά μπροστά ή πίσω από τον ακέραιο αριθμό. Ελέγξτε το παράδειγμα παρακάτω ως σημείο αναφοράς. Οποιοδήποτε από τα παραδείγματα που περιλαμβάνονται μπορούν να χρησιμοποιηθούν.


http://www.yoursite.com/page.php?id=1'

ή


http://www.yoursite.com/page.php?id='1

3. Τοποθετήστε την τροποποιημένη διεύθυνση URL στο browser σας και ελέγξτε το αποτέλεσμα. Θα υπάρξουν δύο διαφορετικά αποτελέσματα που θα έχουν παραχθεί. Το παραγόμενο αποτέλεσμα θα καθορίσει αν το website ή το web application σας που έχει ελεγχθεί είναι ευάλωτο ή όχι. Αν η σελίδα ‘φορτώσει’ χωρίς κάποιο σφάλμα τότε το website ή το web application σας είναι πιθανό να μην είναι ευάλωτο σε SQL injection attacks. Απ’την άλλη πλευρά, αν η σελίδα δείξει κάποιο σφάλμα όπως αυτό που περιλαμβάνεται ή οποιοδήποτε άλλο, τότε η σελίδα είναι ευάλωτη σ’αυτό το είδος της ‘επίθεσης’.

** SQL query failed ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'something' at line 8

Μόλις βρεθεί η σελίδα που έχει την ευπάθεια, μπορεί να απομονωθεί και να διορθωθεί. Παρακάτω υπάρχουν κάποιες πηγές που δείχνουν πως μπορούμε να αποτρέψουμε το SQL Injection Attack στα web applications.

How To: Protect From SQL Injection in ASP.NET

SQL Injection: How To Prevent Security Flaws In PHP / MySQL

How To Prevent PHP Website From SQL Injection

SQL Injection – How To Avoid It


Σημαντική σημείωση: Τροποποίηση και δοκιμή της διεύθυνσης URL δεν προκαλεί καμιά βλάβη στη βάση δεδομένων σας, αλλά θα πρότεινα να κάνετε ένα backup σ’όλα τα αρχεία και τη βάση δεδομένων σας πριν τη δοκιμή. Σε περίπτωση που κάτι πάει στραβά, θα μπορείτε να ανακτήσετε τις πληροφορίες σας απ’τα backups

via: www.web-resources.eu 
Διαβάστε Περισσότερα »

19 Ιανουαρίου 2015

Sqli Anti-Hack Script



Ένα php scriptaki για Anti-Hacking...

Σημείωση: Απλά βάζετε τον παρακάτω κώδικα στην ευπαθή σελίδα... 

 $char=array("%3E", "%3C", "'", "<", ">", "+", "%7B", "%7D", "/", "|", "[", "]", "{", "}", "%60", "^", "*", "$", "%22", "!", ";","%27");
    $i=count($char);
    $n=0;
    
    for($m=0;$m<$i;$m++){
    $n=$n+strpos($_SERVER['QUERY_STRING'],$char[$m]);
    }
        if($n!=0)
            {
                echo "<div style=font-size:35px;><strong>Bad Request (Invalid URL)</strong></div>";
                exit;
            }
        

ΠΗΓΗ
Διαβάστε Περισσότερα »

19 Μαρτίου 2013

Ξεχάσατε τον κωδικό στο MySQL;





Ως web developers και programming funs, έχουμε συναντήσει (ίσως), πολλές καταστάσεις! Οι καταστάσεις βέβαια, διαφέρουν από περιπτώσεις που θα συναντήσεις σε ένα επαγγελματικό project από ένα προσωπικό, ίσως κατά τη διάρκεια που δουλεύουμε σε μία καινούργια τεχνολογία ή ιδέα! Στα αρκετά χρονάκια, που ασχολούμαι με το αντικείμενο, παρόλη τη θεωρητική μου εμπειρία σε αυτά τα συστήματα, όταν μαθαίνω κάτι καινούργιο ή προσπαθώ να επεκτείνω τις γνώσεις μου σε κάτι, καταλήγω και τρώω μέρες σε ηλίθια λάθη, που υποτίθεται ότι δεν έπρεπε να κάνω! Ωστόσο, όλοι κάνουμε ηλίθια λάθη και στην τελική είναι ηλίθιο το γεγονός ότι κρυβόμαστε πίσω από τη μάσκα του έμπειρου coder!
Είμαστε άνθρωποι, και δεν υπάρχουν τόσο ηλίθια λάθη, όσο ανόητοι άνθρωποι! Ένα τέτοιο λάθος θα επιχειρήσω να σας πω πως θα το διορθώσετε! Μια και μου συνέβη πολύ πρόσφατα! Βλέπετε κάνω πολλά πειράματα και πολλές φορές είμαι βιαστικός όταν περνάω settings, οπότε έτυχε να έχω ξεχάσει τον κωδικό root ενός MySQL!
Με λίγο σκέψη και λίγο googling οργάνωσα τη διαδικασία σε ένα cheat sheet ώστε να μην ξαναγίνει!
1) Κλείνουμε τον mysql server!
Αυτό εξαρτάται από το λειτουργικό σας και πόσους servers έχετε εγκατεστημένους! Ωστόσο θα υποθέσω ότι έχετε ένα, γιατί σε άλλη περίπτωση θα πρέπει να αναγνωρίσετε σε ποιον σερβερ θέλετε να κάνετε reset τον κωδικό root!
Στην περίπτωση windows αν έχετε wamp ή xampp, απλά πηγαίνετε στο panel και κλείνετε τον server είτε συγκεκριμένα τον mysql είτε γενικώς με το stop all services! Στην περίπτωση του custom! Είτε πρέπει ανοίξετε το cmd και αφού εμφανίσετε μία λίστα από τις ενεργές υπηρεσίες με το net start. Να βρείτε το όνομα της υπηρεσίας και να γράψετε net stop [όνομα υπηρεσίας]. Είτε μπορείτε να πλοηγηθείτε στο φάκελο που βρίσκετε το mysql.exe και να γράψετε mysqladmin -u root shutdown και θα κλείσει. Σημείωση: η έναρξη γίνεται πάλι ξεκινώντας την υπηρεσία με το net start [όνομα υπηρεσίας] είτε με το mysqld! Στην περίπτωση wamp, xampp μην επιχειρήσετε να χρησιμοποιήσετε την manual μέθοδο, θα σκαλώσει  με πιθανότητα 50/50!

Στη περίπτωση linux, ανοίγετε terminal και γράφετε: sudo /etc/init.d/mysql stop (απλό έτσι…)

2) Κάνουμε override τα δικαιώματα χρήστη (Υποθέτω ότι είστε με το cmd ή το τερματικό στο φάκελο του mysql.exe για ασφάλεια, το αν δουλέψει αλλού εξαρτάται τις ρυθμίσεις που έχετε περάσει και φυσικά πέρα από υποθέσεις, δεν ξέρω τι έχετε κάνει…)!
Γράφουμε:  mysqld_safe –skip-grant-tables

3) Συνδεόμαστε στον mysql server με default στοιχεία (χωρίς κωδικό!)
mysql – -user=root mysql

4) Ορίζουμε νέο κωδικό στον πίνακα mysql
update user set Password=PASSWORD(‘νέος κωδικός’) where user=root;

5)Κάνουμε ανανέωση τα δικαιώματα
flush privileges;

Διαβάστε Περισσότερα »
Related Posts Plugin for WordPress, Blogger...