Most of the time when we talk about SQL injection we extract data by using the union keyword, error based, blind boolean and time based injection methods. All this come under a place where the application is performing a select statement on the back-end database. How to inject into places where the application is performing an insert, update, delete statement? For example insert statements are used in applications when they want to store ip addresses, user agents, referrer urls and stuff in the database. While manipulating with user accounts when creating a new password, changing names, deleting accounts these statements are used. Not only just user input if we can fuzz around into whatever the application is taking as input and if they aren’t properly sanitized to filter we can go ahead and inject (Assuming that there are no WAFs or any blacklists). This post is based on the MySQL error response. In the web application mysql_error() should be echoed back to us.
Let’s create a database first by the name `newdb` and create one sample table to practice our injections. Stick to your localhost. Don’t go ahead and test against live websites without any permissions. I take no responsibility for any damage you cause.
Recently I thought of hunting Hotgloo website. One of my friends referred me this website. It is a awesome site which provides you create wireframes for website and webproject. You should check it out if you are web developer. They have a responsible disclosure policy. You can have a lot at it over here.
Recently a security researcher named “Danor Cohen – An7i” had found a buffer overflow vulnerability and he has written a nice exploit for Acunetix Web Vulnerability Scanner 8.0. As this exploit was an ascii based one I was interested in re-writing the exploit because my previous exploit was also an ascii based one. However with the emerging of bug bounties and responsible disclosure policies I’ve seen many people firing up web application security scanners against live hosts in which automated vulnerability assessments are not permitted at all. Well, by triggering this buffer overflow vulnerability we can have some fun owning the noobs 😉
When we submit a new website to be scanned by Acunetix it searches for html tags like <img src=”” >, <a href=””> to get the additional hosts from that website. So if we place an html tag in the page like Continue reading
This is a tool I coded during my ‘awurudhu’ vacation in here. A powerful forensic utility for Google Chrome. I’ve researched the most important databases and improved the existing queries and wrote this tool. You can customize this tool as you wish. I hope you will love it 🙂
- Works with Windows, Linux and OS X
- Can investigate databases and files effectively
- Written in Python 2.7
This is a small tool that can be used to investigate Skype profile data effectively. This is a open source tool written in Python 2.7. Hope to write a full forensic framework for many applications.
Download the Tool:
For the second time I got mentioned in Microsoft for the month of March 2014. I found a flash based open redirection vulnerability.
I was able to find 3 DLL hijacking vulnerabilities in the Huawei Mobile Partner software and 10 XSS vulnerabilities in their website. I received a certificate of honor (PGP signed).