Injection in Insert, Update and Delete Statements

sss

Introduction

Most of the time when we talk about SQL injection we extract data by using the union keyword, error based, blind boolean and time based injection methods. All this come under a place where the application is performing a select statement on the back-end database. How to inject into places where the application is performing an insert, update, delete statement? For example insert statements are used in applications when they want to store ip addresses, user agents, referrer urls and stuff in the database. While manipulating with user accounts when creating a new password, changing names, deleting accounts these statements are used. Not only just user input if we can fuzz around into whatever the application is taking as input and if they aren’t properly sanitized to filter we can go ahead and inject (Assuming that there are no WAFs or any blacklists). This post is based on the MySQL error response. In the web application mysql_error() should be echoed back to us.

Lab Setup

Let’s create a database first by the name `newdb` and create one sample table to practice our injections. Stick to your localhost. Don’t go ahead and test against live websites without any permissions. I take no responsibility for any damage you cause.
Continue reading

Advertisements

Pwning Script Kiddies – Acunetix Buffer Overflow

acc

Introduction

Recently a security researcher named “Danor Cohen – An7i” had found a buffer overflow vulnerability and he has written a nice exploit for Acunetix Web Vulnerability Scanner 8.0. As this exploit was an ascii based one I was interested in re-writing the exploit because my previous exploit was also an ascii based one. However with the emerging of bug bounties and responsible disclosure policies I’ve seen many people firing up web application security scanners against live hosts in which automated vulnerability assessments are not permitted at all. Well, by triggering this buffer overflow vulnerability we can have some fun owning the noobs 😉

Crash

When we submit a new website to be scanned by Acunetix it searches for html tags like <img src=”” >, <a href=””> to get the additional hosts from that website. So if we place an html tag in the page like Continue reading

ChromeFreak

Overview

This is a tool I coded during my ‘awurudhu’ vacation in here. A powerful forensic utility for Google Chrome. I’ve researched the most important databases and improved the existing queries and wrote this tool.  You can customize this tool as you wish. I hope you will love it 🙂

Features

  • Works with Windows, Linux and OS X
  • Can investigate databases and files effectively
  • Written in Python 2.7

Continue reading