Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 

4 years ago
Jeffuk
as per the title... this is a flaw I've seen in major sites, largely .edu to .gov but also a mix everywhere else too. No need to mess around trying SQL injection when you can pick any file on the server, download it, and read it at your own leisure.
Forum: SQL and Code Injection
4 years ago
Jeffuk
Black box or white box?
Forum: SQL and Code Injection
4 years ago
Jeffuk
Ok, a relatively sensible answer.. but if you don't know this already.. please tell me who's given you a job, I want one too! Basically, it's exactly like black-box testing in many ways. In both, you look for every available opportunity for a 'malicious user' to interact with the system, and examine those for vulnerabilities. Personally I would suggest a user input/output module with funct
Forum: OMG Ponies
4 years ago
Jeffuk
Just a quick thing I picked up on a little while back I thought I'd put out there to see if it's really innovative, just common sense, or a bit of both. Step 1: Find a broken website, one with lots of flaws, doesn't matter what the website does or what it's for. Step 2: Look at the bottom of the homepage for 'Web Design By Alice Corp; Step 3: Go to the Portfolio and news pages of 'Alice C
Forum: OMG Ponies
4 years ago
Jeffuk
I'll assume for now it's not running Windows 98 so there won't be a password file per se! but you might be onto something, I might be able to get to the system registry... although I guess it will be locked as the server will obviously be in use at the time. Keep the ideas coming! :)
Forum: SQL and Code Injection
4 years ago
Jeffuk
And assuming I have no knowledge of the file structure or contents of a machine, other than that it's running Windows and IIS, no way of browsing the file structure, only loading a specified absolute path; excepting brute force-based techniques for now; what's the most interesting file I could load? I can prove that the system is vulnerable, so ostensibly my work here is complete, but without
Forum: SQL and Code Injection
5 years ago
Jeffuk
Aloha! I have finally found a vuln' in a site.. but the page in question runs two sql queries sequentially using the same GET variables; they have a different number of columns in the two queries, I can inject the union without problem, but always get a column count mismatch type error (have discovered this as it's using verbose errors, so the line number of the error changes when I get the nu
Forum: SQL and Code Injection
5 years ago
Jeffuk
Well, this is the work of a web-design firm that is about to lose a lot of business, because I do care about our users; I think they're small enough and we're a big enough customer for this to really hurt.. so maybe they'll learn something from it.
Forum: SQL and Code Injection
5 years ago
Jeffuk
found an injectable variable (news.php?id=.. or somesuch) then: ID=3%20union%20all%20select%20null,null,null,null,null,null,null,table_name,null,null,null,null%20from%20information_schema.tables (3 is valid input, then no quotes required.. just followed it with the input string!) Loading the mySQL system tables 'tables' this showed up the name of table _foo_bar_users ID=3%20union%20all%20
Forum: SQL and Code Injection
5 years ago
Jeffuk
Perfect, Thank you.
Forum: OMG Ponies
5 years ago
Jeffuk
for common pages/folders such as /phpmyadmin/ /exchange/ etc. OR a list of common folders/pages. I've tried googling, but can't seem to find anything... I've found a web server on our network (in a different division, but still under my control), I'm trying to work out what they use it for, but the default page is the standard IIS holding page, If I had a list I could do something with with
Forum: OMG Ponies
6 years ago
Jeffuk
(trying) to go public.. will link if it gets published. Jeff.
Forum: Privacy
6 years ago
Jeffuk
Matt Presson Wrote:
> In my opinion this needs to be conveyed to your bank. I agree, this is very disconcerting.

It will be, busy on data analysis today (Boooring....) but after I've got that out the way I'll start drafting an e-mail setting out the actual implications to the bank (and how it hits their pocket!)
Forum: Privacy
6 years ago
Jeffuk
Just logged into my online account on halifax>co>uk to see: "Please update your contact details" A screen I've never seen before, which made me instantly concerned, asking for personal information.. looking at it in detail.. I also notice that the URL for this page, and all the account management is now halifax-online>co>uk ... "omg how has someone pulled this off,
Forum: Privacy
6 years ago
Jeffuk
http://somesite.com/index.php?link=$foo The behaviour of this is to load '$foo.php' within the body of the index page. It does this by using include('$foo.php') As it's included... the file that's loaded gets all of the $_GET variables that the 'parent' page gets. Now. for the funny part: http://somesite.com/index.php?link=index round and round and round she goes.... for 5 mi
Forum: DoS
6 years ago
Jeffuk
http://research.microsoft.com/asirra/ First there's the really really annoying (and illegal, in the UK) fact, that there's no alternative offered for visually impaired users (this could be solved by the implementation, but there's nothing built-in), it also relies on javascript which is also annoying. I'd also like to see how the 'ticket' system works, and whether a ticket could be used mo
Forum: Robots/Spiders/CAPTCHAs, oh my
6 years ago
Jeffuk
I think some XSS could be detected automatically.. Enter <Script>FOO</SCRIPT> plus a few obvious variations ("/><script>.. "<script>... ><script>... etc) in every possible injectable variable; then scan the response for that exact string.. and maybe even run the response through a cut down HTML parser. Should pick up some possible vulns.. althou
Forum: Full Disclosure
6 years ago
Jeffuk
So there are LOTS of people who really don't care about their customers' personal information... At least in England that's very illegal... time to get a list together for the ICO and get them to bust some heads :)
Forum: Privacy
6 years ago
Jeffuk
Found another... On another site I use regularly... This time when you go to checkout it populates a form with your profile delivery address, based on a URL variable... this is too easy..
Forum: Privacy
6 years ago
Jeffuk
and other useful contact information.. Using this, a scammer could VERY easily phone a site's customers, pretending to be from that site, and ask to confirm credit card details, or anything they need to 'double check' that could be used for ID theft etc. (Who would argue if you buy from a site, and then they phone you within 5 minutes, even I probably would fall for that) the thing is, they
Forum: Privacy
6 years ago
Jeffuk
I have signed up for an account.. and when it's through I'm contacting their CEO and informing him of my intention to access my own account through unconventional means (which isn't illegal in the letter if not the spirit of the UK's Computer Misuse Act; I'm accessing data which I am authorised to access, on a machine that I'm authorised to access... so as long as I don't break it, and they don't
Forum: Full Disclosure
6 years ago
Jeffuk
Hi, I understand the need for full public disclosure in 'normal' software.. But how should I handle an exploit i've found in one website? Public disclosure wouldn't help anybody, and it puts the personal information exposed with the vulnerability at even greater risk... BUT ... I want the company to do something about the problem, as they're leaking personal data like it was sweat in a brot
Forum: Full Disclosure
7 years ago
Jeffuk
Yeah, I've tried all the basic stuff, I only get the error if I put the quote mark at the end of the username or password (password can't be blank) so I'm a bit lost for injections to try.... I'm mainly doing this for fun; I suppose the most efficient thing to do now would be whitebox/code reviews... but where's the fun in that? :)
Forum: SQL and Code Injection
7 years ago
Jeffuk
Ok, I'm pinning this down a little.. thought process: as I understand it this seems to imply that the injection is somehow breaking the MYSQL_CONNECT() command. I'm guessing that the username/password pair entered is used to connect to the database before anything else happens SO there's not going to be a database to manipulate/view until AFTER an attacker has determined a valid login...
Forum: SQL and Code Injection
7 years ago
Jeffuk
Hi there, I know that something I've found on the company website is bad, but I don't know HOW bad. There's a login portal, and if I put Username as Foo and password as " (double quote, NOT two single quotes) we get: `The query failed! table_name must be a valid table name that exists in the database specified in mysql_select_db` What does this imply (other than that it's broke)
Forum: SQL and Code Injection