Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now, so what does that enable and how do we fix it?

Results 1 - 30 of 46
4 years ago
d4rw1n
Are you sure it's injectable?
Forum: SQL and Code Injection
4 years ago
d4rw1n
It seems it's injectable... what did you try?
Forum: SQL and Code Injection
4 years ago
d4rw1n
If the web server does not have the required permissions to execute system commands, there is no way to do it, except running a system exploit through it... That is what "server hardening" is for...;)
Forum: SQL and Code Injection
4 years ago
d4rw1n
Try copying the data you want (in text format) into a table that the site is using to display data (e.g. an article). Then you can retrieve the data by calling the specific article id from your browser.
Forum: SQL and Code Injection
4 years ago
d4rw1n
The actual query should be something like select * from table where months=conv(int,'<INPUT>') ORDER BY date DESC; so you have to enter as <INPUT> the following: 12') having 1=1--
Forum: SQL and Code Injection
4 years ago
d4rw1n
I agree with stuckinphp. Also, if you do get to upload a "cmd.asp", you might get this error if IIS is running under a low priv user.
Forum: SQL and Code Injection
4 years ago
d4rw1n
rvdh: what difference does it make if it is POST or GET? Is there an attack vector based on that?
Forum: SQL and Code Injection
4 years ago
d4rw1n
m4x, it doesn't have to be ASP for HPP to work.
Forum: SQL and Code Injection
4 years ago
d4rw1n
Countdown to fire up...5,4,3,2,1...
Forum: SQL and Code Injection
4 years ago
d4rw1n
m4x, either you don't have permissions to read the specific table or an IPS/WAF is blocking you. In the first case there isn't much you can do. In the second case you can try HPP in order to bypass the IPS/WAF.
Forum: SQL and Code Injection
4 years ago
d4rw1n
I suggest that you use NULL instead of numeric to avoid errors complaining about the type of field. So, in barbarianbob's example you can put:
detail_id=14' and 1=0 union all select NULL -- -
detail_id=14' and 1=0 union all select NULL,NULL -- -
detail_id=14' and 1=0 union all select NULL,NULL,NULL -- -
Forum: SQL and Code Injection
4 years ago
d4rw1n
Hello guys, I am back from my vacations and I started a new pentest! I have a prob though.... In a blind sqli field I enter the following string with no errors at all (search field): v'+CHAR((ASCII(SUBSTRING(@@version,1,1))+))+'t this returns all the results with the string "vt" so I tried v'+CHAR((ASCII(SUBSTRING((select 'a'),1,1))+0))+'t which should return the results
Forum: SQL and Code Injection
5 years ago
d4rw1n
14. Alisse
Hello people, I really didn't know where to put this post. I hope networking is the most appropriate. Anyways, during a pentest, I found port 9025 open and when I connected with nc I got the following reply: http://pastebin.ca/1494670 Do you think this is a web service listener or something like that? I am open to ideas!
Forum: Networking
5 years ago
d4rw1n
@Raz0r: You are right. You need encoding, not concatenation. @chunk: URL encoded strings replace some special characters that the web server will not be able to understand (i.e. "space" changed to %20 or +). Download IO tools; the "morf" tool in there can change the string from plaintext to URL encoded text for you.
Forum: SQL and Code Injection
5 years ago
d4rw1n
That's exactly what I am trying to do now! I will let you know if it succeeds! Thanks lightos. You just confirmed that what I am trying is right. :)
Forum: SQL and Code Injection
5 years ago
d4rw1n
Hello guys, I have a Blind SQL injectable search field and I am trying to do basic enumeration on the database (i.e. get the schema). The problem is that the search field is only in a column that has strings of numbers (i.e. '992322232'). Normally, if there were letters in the results, I would try something like '||(select upper(substr((SELECT max(username) FROM DBA_USERS),1,1)) from dual)|'
Forum: SQL and Code Injection
5 years ago
d4rw1n
XSS is not bad for the server ;)
Forum: SQL and Code Injection
5 years ago
d4rw1n
I guess you are right. Just watch out for where the files are stored. You don't want people replacing your /etc/passwd with a gotu.html file. ;)
Forum: SQL and Code Injection
5 years ago
d4rw1n
SpoofGhost: You couldn't be more detailed! LOL foist: Are those html files accessed by the users later on? If so, someone can upload an HTML file with local file inclusion.
Forum: SQL and Code Injection
5 years ago
d4rw1n
Try '+order+by+1. POST requests want concatenation, not spaces.
Forum: SQL and Code Injection
5 years ago
d4rw1n
How do you access the box? Through SQLi?
Forum: SQL and Code Injection
5 years ago
d4rw1n
Can you please specify exactly which part of the query you control (i.e. the field part)? From my experience, when you have one field and two queries executed with it, it is very difficult to exploit it. Whenever you make a proper syntax for the first one, the second fails and vice versa. However, you can always drop the database. ;)
Forum: SQL and Code Injection
5 years ago
d4rw1n
why not
Forum: SQL and Code Injection
5 years ago
d4rw1n
Hmm... The code seems ok. Maybe the problem is that the server is hardened and the user that IIS is using on Windows has no access to the other drives. Do you get any error messages?
Forum: SQL and Code Injection
5 years ago
d4rw1n
Hmm...Can you post the code of the shell.asp? Maybe there is a bug there.
Forum: SQL and Code Injection
5 years ago
d4rw1n
What I do in this situation is write small perl scripts that download the db column by column. You don't have to download the whole DB to prove your point. Just a few user tables, and the data from a couple of them.
Forum: SQL and Code Injection
5 years ago
d4rw1n
the defaults are ok... for the rest RTFM @ http://www.nessus.org/documentation/
Forum: SQL and Code Injection
5 years ago
d4rw1n
Niceeeee! And now I am going to use it in order to...to...hmmm...I wish I 'd thought this through!
Forum: SQL and Code Injection
5 years ago
d4rw1n
I see backbone's offer and raise it to one blank .txt file!
Forum: SQL and Code Injection