SQL Injection Walkthrough
1.0 Introduction When a machine has only port 80 open, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patches his server, we have to turn to web hacking. SQL injection is one type of web hacking that requires nothing but port 80, and it might just work even if the admin is patch-happy. It attacks the web application (like ASP, JSP, PHP, CGI, etc.) itself rather than the web server or services running in the OS. This article does not introduce anything new; SQL injection has been widely written about and used in the wild. 1.1 What is SQL Injection? 1.2 What do you need? 2.0 What should you look for? Everything between the <FORM> and </FORM> tags has potential parameters that might be useful (exploit-wise). 2.1 What if you can't find any page that takes input? 3.0 How do you test if it is vulnerable? hi' or 1=1-- Into login, or password, or even in the URL. 3.1 But why ' or 1=1--? ' or 'a'='a
RFI Tutorial (remote file inclusion)
Basically, the include function in PHP allows contents from local or remote files to be pretty much "copied and pasted" and executed in a script at runtime. Now suppose yo' dad wants a small website. All he wants is three pages. A blog page where he can update you on how many babies he has killed. A contact page with his email on it so people can ask advice on the best way to kill babies. A gallery page where he can show you pictures of all the babies he has killed. He creates four pages: blog.php, contact.php and gallery.php along with index.php; this is our "main" page that will contain a header, a side bar for navigation, some php and a footer. You would view the pages on his website like this. Code: for header //html for menu $page = $_GET['page']; include($page); ? This means when we go to Code: What's wrong with this? Say we change "blog.php" to " Switching.
SQL Injection Attacks by Example
A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration. "SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation. So we'll do it in steps. A standalone query of
HITB Quarterly Magazine
SQL Injection Demo - Nazim's IIS Security Blog
SQL injection seems to have faded from prominence lately and has become just a buzzword. To make things a little more real I put together a quick demo for it, to demonstrate that you don't necessarily have to go out of your way to make your web application exploitable. Here are the ingredients for this demo: ASP.NET application using System.Data.SqlClient to access a SQL database. CAUTION: This is a sample to demo SQL injection and is hence insecure. Setting up the Database I used SQLExpress for my demo, but you can use whatever is available. Enable the sa account and give it a password. Populate the tables with sample data. SELECT * FROM Users; SELECT * FROM Orders; Setting up a Web Application on your Server I used IIS 7.0 and ASP.NET 2.0, but you could use other tools as well. Make sure IIS is running and that you can access the default page. Here is the sample code-behind for the ASP.NET page, SQLLoginUnsafe.aspx.cs. Make sure you can access the website from your local machine. Conclusion
Hacking Articles, Backtrack Tutorials, Hacking Tricks, Penetration Testing, Metasploit Tutorial
.:: Phrack Magazine ::.
2600 News | 2600
remote-exploit.org
Irongeek.com
Null Byte - The aspiring grey hat hacker / security awareness playground « Wonder How To
Packet Injection Basics Presentation
Description: The Packet Injection Basics presentation is an in-depth tutorial on various packet injection programming techniques. We will look at how to construct various headers, bunch them together to form a complete packet, and then send this packet over the network. This presentation is a necessary prerequisite for all the other packet injection videos in this tutorial series. Tags: programming. Disclaimer: We are an infosec video aggregator and this video is linked from an external website.
Category:Attack
This category is for tagging common types of application security attacks. What is an attack? Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application. All attack articles should follow the Attack template. Examples: Brute Force: Is an exhaustive attack that works by testing every possible value of a parameter (password, file name, etc.) Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Subcategories This category has the following 12 subcategories, out of 12 total. Pages in category "Attack" The following 68 pages are in this category, out of 68 total.