Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online

More documents

Recommendations

Info

12 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅÌÈß ÑÏÅÖ 02-07The error occurred while processingan element with a general identifierof (CFQUERY), occupying documentposition (1:1) to (1:59).Î÷åâèäíî, ÷òî òóò èñïîëüçóåòñÿ ODBC MicrosoftAccess Driver. Òî åñòü â êà÷åñòâå áàçû äàííûõ èñïîëüçóåòñÿáàíàëüíûé MS Access. Ïîïðîáóåì ïîêîâûðÿòüñÿ.Äëÿ íà÷àëà îïðåäåëèì êîëè÷åñòâî ïîëåé,âîçâðàùàåìûõ çàïðîñîì. Îêàçàëîñü, ÷òî Accessíå ìîæåò âîçâðàùàòü áåçûìÿííûå SELECT, è îáÿçàòåëüíîäîëæíà áûòü ñåêöèÿ FROM ñ èìåíåì òàáëèö.Áóäåì çíàòü. Òàê êàê íà ñåðâåðå åñòü ðåãèñòðàöèÿ,ïîïðîáóåì ïðåäïîëîæèòü, ÷òî ñóùåñòâóåòòàáëèöà users. Âáèâàåì â áðàóçåð ñëåäóþùèéURL:http://www.compostingcouncil.org/section.cfm?id=29%20union%20select%201%20from%20usersÌèëûé ñàéò ñ ìèëûìè îøèáêàìècold fusion. Ñëåäóþùóþ æåðòâó ðåøèëè èñêàòüñðåäè ñàéòîâ, ïîñòðîåííûõ íà òåõíîëîãèèMacromedia Cold Fusion. Äîëãî èñêàòü íå ïðèøëîñü.Ïåðâûì íà ãëàçà ïîïàëñÿ ñàéò ñåíàòà ÑØÀ, à òî÷íåå— åãî äåïàðòàìåíòà ïî êîììåðöèè (commerce.-senate.gov). Ïðîñìîòð ïîêàçàë, ÷òî áîëüøèíñòâî ïàðàìåòðîâíå ôèëüòðóþò îäèíàðíóþ êàâû÷êó. Íàïðèìåð,â ñëåäóþùåì URL óÿçâèì ïàðàìåòð id:commerce.senate.gov/hearings/witnesslist.cfm?id=1705Åñëè äîáàâèòü ê ïàðàìåòðó «id=1705 and 1=1», òî ñöåíàðèéïðîãëîòèò ýòó èíúåêöèþ è íå ïîäàâèòñÿ. Îäèíàðíàÿêàâû÷êà òàêæå íå ôèëüòðóåòñÿ. Íî ïîäîáðàòüêîëè÷åñòâî ïîëåé íå óäàëîñü, ïîòîìó ÷òî ôèëüòðóþòñÿçàïÿòûå, òèðå, ñëåøè è çíàê ïðîöåíòà. Øóòèòü ñ ñåíàòîìíå îñîáî õî÷åòñÿ, ïîòîìó ÷òî ýòî ÷ðåâàòî ñåðüåçíûìèïîñëåäñòâèÿìè — ìû îñòàâèëè ñàéò â ïîêîå.Êñòàòè, ñåðâåð senate.gov ñîäåðæèò íå òîëüêîñàéòû ñåíàòîâ, íî è îòäåëüíûõ ñåíàòîðîâ.È áîëüøèíñòâî ïàðàìåòðîâ ôèëüòðóåòñÿ íå î÷åíüêà÷åñòâåííî. Ìû îñîáî íå êîâûðÿëèñü, ïîòîìó ÷òîäîðîæèì ñâîåé ñâîáîäîé :).óäîáðÿåì. Ñëåäóþùàÿ æåðòâà — www.compostingcouncil.org.Ñàéò ïîñâÿùåí êàêèì-òî êîíñóëüòàöèÿìïî óäîáðåíèÿì. Äàâàé ïîïðîáóåì îêó÷èòüáàçó äàííûõ, òåì áîëåå ÷òî ïðîãðàììåð âîîáùå íåçíàåò òàêîãî ñëîâà, êàê ôèëüòðàöèÿ. Áåðåì ëþáîéïàðàìåòð è íà÷èíàåì åãî óäîáðÿòü. Â êà÷åñòâå öåëåóêàçàíèÿâûáðàëè ñëåäóþùèé ñöåíàðèé:http://www.compostingcouncil.org/section.cfmÇäåñü óÿçâèì ïàðàìåòð id. Åñëè äîáàâèòü â åãî êîíåöîäèíàðíóþ êàâû÷êó, òî ïðîèçîéäåò îøèáêà âûïîëíåíèÿñöåíàðèÿ. Ðàññìîòðèì îøèáêó ïîäðîáíåå:ODBC Error Code = 37000 (Syntax erroror access violation)[Microsoft][ODBC Microsoft AccessDriver] Syntax error (missing operator)in query expression 'id = 29'''.Âåëèêîëåïíî! Òàêàÿ òàáëèöà äåéñòâèòåëüíî ñóùåñòâóåò,ïîòîìó ÷òî ñåðâåð ñîîáùàåò íàì, ÷òî êîëè-÷åñòâî ïîëåé â îáúåäèíåííîì çàïðîñå íå ñîâïàäàåò.Òåïåðü ìîæíî ïîäáèðàòü ïîëÿ. Ïîëó÷èëîñü13 øòóê. Íåñ÷àñòëèâîå ÷èñëî, îñîáåííî äëÿ ïðîãðàììèñòàýòîãî ñàéòà. Ïîïðîáóåì ïîäîáðàòü ïîëÿ,êîòîðûå åñòü â òàáëèöå users. Ïîäáîð ïîêàçàë, ÷òîçäåñü ïðèñóòñòâóþò userid, email è memberpwd.Â ïðèíöèïå, äëÿ âçëîìà ýòîãî óæå äîñòàòî÷íî, âåäüïðè ðåãèñòðàöèè ñïðàøèâàþò ìûëî è ïàðîëü, à ýòèäàííûå óæå ìîæíî âûòàùèòü èç òàáëèöû users ñ ïîìîùüþèíæåêòèðîâàíèÿ.Òåïåðü ïîïðîáóåì îïðåäåëèòü, êàêèå åùåòàáëèöû åñòü â áàçå. Ñïðàâêà MS Access ïîäñêàçàëà,÷òî åñòü òàêàÿ ñèñòåìíàÿ òàáëèöà MSysObjects,â êîòîðîé â ïîëå name íàõîäÿòñÿ èìåíà âñåõ òàáëèöáàçû äàííûõ. Ïîïðîáóåì èíæåêòèðîâàòü çàïðîñSELECT ê ýòîé òàáëèöå:http://www.compostingcouncil.org/section.cfm?id=29%20union%20select%201,2,3,4,5,6,name,8,9,10,11,12,13%20from%20MSysObjectsÏîëå name âñòàâèëè â ñåäüìóþ ïîçèöèþ èíæåêòèðîâàííîãîçàïðîñà. Ñîäåðæèìîå ýòîãî ïîëÿ âûâîäèòñÿâ âèäå òàáëèöû íà ðåçóëüòèðóþùåé web-ñòðàíèöå(ðåçóëüòàò ñìîòðè íà ðèñóíêå).Òàêèì îáðàçîì, åñòü âñå ìûëüíèêè, èäåíòèôèêàòîðûè ïàðîëè çàðåãèñòðèðîâàííûõ ïîëüçîâàòåëåé(çàðåãèñòðèðîâàíî òîëüêî òðè ÷åëîâåêàè îäèí èç íèõ ÿâíî àäìèí). È åñòü èìåíà âñåõ òàáëèö.Íà ýòîì èññëåäîâàíèå ìîæíî ïðåêðàùàòü.íÿíüêè è àêóøåðêè. Ñëåäóþùèé ñàéò, êîòîðûéïîïàë íà ãëàçà — www.midwife.com. Âëàäåëåö —êîëëåäæ íÿíåê è àêóøåðîê. Äàâàé ïîïðîáóåì âíèìàòåëüíîèññëåäîâàòü ýòó æåðòâó. Îôîðìëåí ñàéòíåïëîõî, ñöåíàðèè íà Macromedia ColdFusion íàïèñàíûäîñòàòî÷íî èíòåðåñíî.
13Ïîïðîáóåì âñàäèòü â êàêîé-íèáóäü ïàðàìåòð ñèìâîëîäèíàðíîé êàâû÷êè è ïîñìîòðèì íà ðåçóëüòàò.Íà ïåðâûé âçãëÿä, ðåçóëüòàò îáíàäåæèâàþùèé, ïîòîìó÷òî ïðîèçîøëà îøèáêà âûïîëíåíèÿ ñöåíàðèÿ.Ñîîáùåíèå îá îøèáêå ãëàñèò, ÷òî íà ñåðâåðå èñïîëüçóåòñÿMySQL è áàçà äàííûõ ñ èìåíåì plasmacms.Ìîæåò áûòü, ãäå-òî ñóùåñòâóåò òàêîé CMSïî èìåíè Plasma, à ìîæåò áûòü ýòî ñàìîïèñíûéäâèæîê, ïðîñòî àäìèí ðåøèë åãî òàê êðàñèâî íàçâàòü.Ïîïðîáóåì ïðèíÿòü ðîäû áåç ýòîãî, õîòÿ ìîæíîãäå-íèáóäü íà õàëàòå çàïèñàòü èíôîðìàöèþ, íàáóäóùåå.Ñìîòðèì, íà ÷åì æå âñå-òàêè çàòêíóëñÿ ñöåíàðèé.À îí çàòêíóëñÿ íà çàïðîñå:SELECTpageID,pageBody,pageTitle,pageHeader,pageFooter,pageFolder,pageAccess,pageURLFROM plasmaContentWHERE pageID=75'' LIMIT 1Ïîïðîáóåì ïîäóìàòü, ÷òî çäåñü ïðîèñõîäèò. Ñóäÿïî èìåíàì ïîëåé, êîòîðûå âûòàñêèâàþòñÿèç òàáëèöû plasmaContent, CMS äåéñòâèòåëüíî õîðîøàÿ.Äåëî â òîì, ÷òî ïî íîìåðó ID èç òàáëèöû âûáèðàåòñÿçàãîëîâîê, øàïêà, ïîäâàë è URL ñòðàíèöû,êîòîðóþ íóæíî îòîáðàçèòü. Ýòî çíà÷èò, ÷òî åñëèïîïûòàòüñÿ èíæåêòèðîâàòü ñâîé êîä, íè÷åãî íåâûéäåò. Â ïîëå pageURL äîëæåí áûòü êàêîé-òî URLñòðàíèöû, êîòîðûé óçíàòü ïðîáëåìàòè÷íî. Êòî åãîçíàåò, ñ êàêèì äåôåêòîì íÿíüêè è àêóøåðêè ïðîèçâåëèíà ñâåò ñâîåãî web-ïðîãðàììèñòà, è ÷òî îí çàñóíóëâ ýòî ïîëå. Ïîïûòêè âñòàâèòü â íåãî ÷òî-ëèáîíå óâåí÷àëèñü óñïåõîì.Äëÿ èíæåêòèðîâàíèÿ SQL-êîäà íóæíî èñïîëüçîâàòüñëåäóþùèé URL:http://www.midwife.org/news.cfm?id=75 and 1=0 union select 1,2,3,4,5,6,7,8Ïîïðîáóåì áàíàëüíî çàãðóçèòü åãî: http://www.midwife.org/header.cfm.Â îòâåò âèäèì îøèáêó, â êîòîðîéîòîáðàæàåòñÿ äàæå êîä ñöåíàðèÿ, ñðàáîòàâøèé íåâåðíî.Ñàìîå èíòåðåñíîå â ýòîì êîäå — ñëåäóþùàÿñòðîêà:Ïðîáëåìà ÿâíî êðîåòñÿ â òîì, ÷òî â URL íåò ïàðàìåòðàid. Ïîïðîáóåì åãî òóäà âíåäðèòü è çàãðóçèìñòðàíè÷êó òàêèì îáðàçîì: http://www.midwife.org/header.cfm?id=75.Â îòâåò çàãðóçèëàñü øàïêà ñàéòà, íî âíèçóñíîâà ñîîáùåíèå îá îøèáêå è æèðíûì öâåòîìâûäåëåíà ñòðîêà:#subHeader#Íà ýòîò ðàç ïðîáëåìà â òîì, ÷òî ïåðåìåííàÿsubHeader íå èìååò çíà÷åíèÿ. Ïîïðîáóåì çàäàòü åéçíà÷åíèå ÷åðåç URL, òî åñòü äîáàâèì â URL ñëåäóþùèéòåêñò:subHeader=Hello%20from%20Horrific.Âñå ñðàáîòàëî. Ðåáåíîê ðîäèëñÿ êðàñèâûì è çäîðîâûì,à ïîñðåäè ñòðàíèöû êðàñóåòñÿ íàäïèñü «Hellofrom Horrific». Èìåííî ýòîò òåêñò ïåðåäàëñÿ ÷åðåçURL-ïàðàìåòð â ïåðåìåííóþ subHeader.Ïîëó÷àåòñÿ, ÷òî ìû ìîæåì èíæåêòèðîâàòüâ ñòðàíèöó ëþáîé HTML-êîä, â òîì ÷èñëå è Java-Script, à ýòî óæå ïàõíåò àòàêîé XSS. Åñëè ïîïûòàòüñÿçàãðóçèòü ñëåäóþùèé URL, òî íà ñòðàíèöåñ ïîìîùüþ JavaScript îòîáðàçèòñÿ îêíî ñ ïîäîáíûìñîîáùåíèåì:http://www.midwife.org/header.cfm?id=75&subHeader=alert('Ïðèâåò')Òàê êàê íà ñàéòå åñòü ðåãèñòðàöèÿ è öåëûé ðàçäåëmember, îñòàåòñÿ òîëüêî:1 ÂÛßÑÍÈÒÜ E-MAIL ÀÄÐÅÑÀ ÇÀÐÅÃÈÑÒ-ÐÈÐÎÂÀÍÍÛÕ ÏÎËÜÇÎÂÀÒÅËÅÉ;2 ÏÎÄÃÎÒÎÂÈÒÜ URL, ÊÎÒÎÐÛÉ ÁÓÄÅÒÇÀÃÐÓÆÀÒÜ ÑÒÐÀÍÈÖÓ Ñ JAVASCRIPTÈ ÎÒÏÐÀÂËßÒÜ COOKIE ÍÀ ÇÀÐÀÍÅÅÏÎÄÃÎÒÎÂËÅÍÍÛÉ ÑÖÅÍÀÐÈÉ.Îäíèì ñëîâîì, êëàññè÷åñêèé XSS. Ðîäû ïðîøëèóäà÷íî. Ñîîáùèì íÿíüêàì è àêóøåðêàì, ÷òî èõ webïðîãðàììèñòðîäèëñÿ ñ äåôåêòîì ìîçãà :).ó÷èì Berkeley æèçíè. Ñëåäóþùåé æåðòâîé èññëåäîâàíèéñòàë çíàìåíèòûé èíñòèòóò Berkeley.Ïîêàæåì àìåðèêàíöàì æåñòîêóþ äåéñòâèòåëüíîñòü!Èòàê, çàõîäèì íà ñàéò http://cshe.berkeley.edu/è ñìîòðèì, ÷òî òóò åñòü. Âî-ïåðâûõ, ñðàçó áðîñàþòñÿâ ãëàçà ïóáëèêàöèè ñòàòåé. Ïî÷åìó áðîñàþòñÿ?Äà ïîòîìó ÷òî îíè âûáèðàþòñÿ ïî ïàðàìåòðó s, êîòîðûéïåðåäàåòñÿ ÷åðåç url. Ïðîâåðèì ýòîò ïàðàìåòðíà âøèâîñòü.Äëÿ íà÷àëà ïîïðîáóåì äîáàâèòü â åãî êîíåöîäèíàðíóþ êàâû÷êó. Â ðåçóëüòàòå ãðóçèòñÿ ñòðàíèöà,íà êîòîðîé ñîîáùàþò, ÷òî íåò ïóáëèêàöèè äëÿîòîáðàæåíèÿ. Óæå íåïëîõî. À åñëè äîáàâèòü «and1=1»? Òîãäà ïóáëèêàöèÿ âåðíåòñÿ íà ðîäèíó. Âñå ÿñíî,äèàãíîç — SQL Injection â ñêðûòîì âèäå. Òî åñòüîøèáêà åñòü, íî ñîîáùåíèÿ îá îøèáêå íåò. Íó, íè÷åãî,ýòî íå ñèëüíî óñëîæíèò çàäà÷ó.Íè÷åãî íîâîãî íå ïðèäóìûâàåì, à ïðîñòî ïîäáèðàåìêîëè÷åñòâî ïîëåé, âîçâðàùàåìûõ çàïðîñîìâ ñöåíàðèè. Ýòî äåëàåòñÿ ïóòåì äîáàâëåíèÿâ êîíåö ïàðàìåòðà îáúåäèíåíèÿ select è ïîñòåïåí-Íî âìåñòî ÷èñëà 8 íà êîíöå íåîáõîäèìî óêàçàòü êàêîå-òîðåàëüíîå çíà÷åíèå èç áàçû äàííûõ, èíà÷åñöåíàðèé âûâàëèâàåòñÿ â îøèáêó «URL íå íàéäåí».Òàêèì îáðàçîì ïîñòðîåíû àáñîëþòíî âñåñòðàíèöû íà ñàéòå. Íî íå ñòîèò îïóñêàòü ðóêè: áåðåìñêàëüïåëü è äåëàåì «Êåñàðåâî ñå÷åíèå».À òî÷íåå, — ïîñìîòðèì, ÷òî åùå åñòü â ñîîáùåíèèîá îøèáêå. À òàì åñòü ññûëêà íà ôàéë:C:\Inetpub\wwwroot\Clients\midwife.org\www\plasmacms\cfm\page.cfcÝòî íàèáîëåå èíòåðåñíûé ñöåíàðèé, òàê êàê â íåì èïðîèñõîäèò ôîðìèðîâàíèå ñòðàíèöû. Íî äîñòóï ê íåìóèç ñòðîêè URL çàïðåùåí, è ïðè ïîïûòêå îáðàòèòüñÿê íåìó âûâàëèâàåòñÿ ñîîáùåíèå ñ ïðîñüáîé ââåñòèïàðîëü àäìèíà. Ïîñìîòðèì, íà êàêèå åùå ôàéëûðóãàåòñÿ ñöåíàðèé. Ñëåäóþùèì â ñïèñêå èäåò:C:\Inetpub\wwwroot\Clients\midwife.org\www\header.cfmÎøèáêà çàïðîñà
Page 1: 02(75)ÔÅÂÐÀËÜ 2007ÅÆÅÌÅ
Page 4 and 5: ÅÆÅÌÅÑß×ÍÛÉÒÅÌÀÒÈ
Page 6 and 7: timeline2000{çàðîæäåíèå}
Page 8: 06 /37 ÃËÎÁÀËÜÍÀß ÝÏÈ
Page 11 and 12: 9æåò âûïîëíÿòü íåñê
Page 13: 11ñåðâåðå åñòü òàáë
Page 17 and 18: ÝÍÖÈÊËÎÏÅÄÈßGamePostÎ
Page 19 and 20: 17ÝÊÑÏËÎÉÒÀ ÏÎÄ ÊÀÊ
Page 21 and 22: 19çíà÷åíèå èìååò $var1
Page 23 and 24: VERSUS4,3 KENTSFIELD SLINVIDIA Ge
Page 25 and 26: 23ïðèòîíûèíòåðíåòà
Page 27 and 28: 255 /5BugTraq.Ruwww.bugtraq.ru3,5 /
Page 29 and 30: 27Òàáëèöà 1Òàáëèöà 2
Page 31 and 32: 29abstract class Decorator extends
Page 33 and 34: 31PHPÑîçäàâ òàêîé ôàé
Page 36 and 37: 34 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅ
Page 38 and 39: 36 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅ
Page 40: 38 /67 ÎØÈÁÊÈÌÎËÎÄÎÑÒ
Page 43 and 44: 41ÁÛÒÜ ÎÁÐÀÙÅÍÈß Ê Ô
Page 45 and 46: 1 ÌÅÑÒÎ 2 ÌÅÑÒÎ 3 ÌÅÑ
Page 47 and 48: 45ïðîèçâîäèì ïðîâåð
Page 49 and 50: 47CyD NET Utilswww.cydsoft.comshare
Page 52 and 53: 50 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 54 and 55: 52 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 56: 54 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 59 and 60: 57Q: Êàê îò SQL injection è X
Page 61 and 62: æå ëþäÿì, ïðîñòî îð
Page 63 and 64: http://www.gameland.ru/ Dark Fall:
Page 65 and 66:
63Íó è, íàêîíåö, Perl î
Page 67 and 68:
65Íåñêîëüêî ñëîâ î Ne
Page 69 and 70:
67http://dm9.ru/cgi-bin/perltest/sc
Page 71 and 72:
69î ïîäëîãå. Îïÿòü æ
Page 73 and 74:
71ñåíêó ïîä íîìåðîì
Page 75 and 76:
73ÊÀÊÈÅ ÑÏÎÑÎÁÛ ÁÎÐ
Page 77:
{IT}Ñ ÌÀÐÒÀÂÑÅ ÁÓÄÅÒ
Page 82 and 83:
80 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07È
Page 84 and 85:
82 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07Ï
Page 86 and 87:
84 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07è
Page 88 and 89:
86 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07ì
Page 90 and 91:
88 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07ã
Page 92:
90 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07Ò
Page 95 and 96:
93DEEPNESS IN THE SKYby MFXAETHERby
Page 97 and 98:
îáùåíèÿ äèñêóññèè.
Page 99 and 100:
Vista Manager 1.0.3winxp-manager.co
Page 101 and 102:
MSI MEGABOOKS430($1199) 6 áàëë
Page 103 and 104:
MSI MEGABOOKS430($1199) 6 áàëë
Page 105 and 106:
2Àíäðåé Êàðàìíîââå
Page 107 and 108:
105 |ìÿ îíëàéí, æäåò â
Page 109 and 110:
Ðûêîâ áûë óâåðåí: î
Page 111 and 112:
ìîæíîãî çàêëàäûâàí
Page 113 and 114:
Õâàëþ. Íàì áû ñ âàìè
Page 115:
Думаешь, что посмот
show all

Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online