Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
amazing URL
Posted by: mpour
Date: July 15, 2012 09:10AM

hi

today, i found a url that it's like following:

id=365b158b-a0ca-41ca-9337-2f6ed2e6e3bb

i don't know what it is?!

Please help me.

is it a kind of encoding or not?

Options: ReplyQuote
Re: amazing URL
Posted by: infinity
Date: July 15, 2012 11:05AM

Hi,

generally, this could be anything or nothing at all. If it is part of a URL, it looks like an ordinary GET parameter which is passed to the server. This could be a product id of a shop item, the id of a forum member, a page id generated by some weird CMS ... without knowing the context, anything is possible.

From the characters used in "365b158b-a0ca-41ca-9337-2f6ed2e6e3bb" it looks like hexadecimal numbers, separated by hyphens.

For fun we can convert the hexadecimal number to decimal numbers:

365b158b => 911938955
a0ca => 41162
9337 => 37687
2f6ed2e6e3bb => 52153031254971

But this doesn't give us any new information. From such a short sample it is usually impossible to say if some special encoding was used.

Using Google I found this URL (slightly modified):
hxxp://www.example.com/Portal/Home/Default.aspx?CategoryID=365b158b-a0ca-41ca-9337-2f6ed2e6e3bb

It contains the same string, which you have posted above. In this case it looks like a category id, nothing mysterious. :-)

Options: ReplyQuote
Re: amazing URL
Posted by: mpour
Date: July 15, 2012 11:10AM

yeah,
for example it's a id for news, but when i remove it and send a ' , the page redirects to index page.could it be a sqli?

Options: ReplyQuote
Re: amazing URL
Posted by: infinity
Date: July 15, 2012 12:37PM

Hi,

this behaviour is not an indicator of a vulnerability, it could be that the script is testing the parameter for plausibility inside an if/else construct which redirects all strange or non-fitting requests to the start page instead of showing an error message or doing nothing at all.

From the presence or absence of error messages and redirects alone we cannot conclude that there is some SQL injection vulnerability, as long as we know nothing about the programming logic in the script. There may be all kind of error handling going on - or none at all. I don't know, if the mentioned URLs are vulnerable. I'm not going to test it :-)

Options: ReplyQuote
Re: amazing URL
Posted by: mpour
Date: July 15, 2012 03:21PM

Thanks :)

Options: ReplyQuote


Sorry, only registered users may post in this forum.