My First White Paper

https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-frc1/t1.0-9/q74/s720x720/10255016_10203916964751115_7123992607935286279_n.jpg

Today I am releasing my first white paper, on SQL injection in Insert, Update and Delete statements. Special thanks to Ryan Dewhurst for the review. So here you go 🙂

http://packetstormsecurity.com/files/126527/SQL-Injection-In-Insert-Update-And-Delete.html
http://www.exploit-db.com/wp-content/themes/exploit/docs/33253.pdf

Injection in Insert, Update and Delete Statements

Introduction

Most of the time when we talk about SQL injection we extract data using the UNION keyword, error-based, blind boolean-based and time-based injection methods. All of these apply where the application is performing a SELECT statement on the back-end database. But how do we inject into places where the application is performing an INSERT, UPDATE or DELETE statement? For example, INSERT statements are used when an application wants to store IP addresses, user agents, referrer URLs and similar data in the database. These statements are also used when manipulating user accounts: creating a new password, changing names, deleting accounts. It is not only direct user input: if we can fuzz whatever the application takes as input, and that input isn't properly sanitized or filtered, we can go ahead and inject (assuming there are no WAFs or blacklists). This post is based on the MySQL error response; the web application has to echo the output of mysql_error() back to us.

Lab Setup

Let's create a database first by the name `newdb` and create one sample table to practice our injections. Stick to your localhost. Don't go ahead and test against live websites without permission. I take no responsibility for any damage you cause.
(more…)

Hotgloo XSS Filter Bypassed

Recently I thought of hunting on the Hotgloo website. One of my friends referred me to this website. It is an awesome site that lets you create wireframes for websites and web projects. You should check it out if you are a web developer. They have a responsible disclosure policy. You can have a look at it over here.
(more…)

Pwning Script Kiddies – Acunetix Buffer Overflow

Introduction

Recently a security researcher named "Danor Cohen – An7i" found a buffer overflow vulnerability and wrote a nice exploit for Acunetix Web Vulnerability Scanner 8.0. As this exploit was an ASCII-based one, I was interested in re-writing it, because my previous exploit was also ASCII-based. However, with the emergence of bug bounties and responsible disclosure policies I've seen many people firing up web application security scanners against live hosts where automated vulnerability assessments are not permitted at all. Well, by triggering this buffer overflow vulnerability we can have some fun owning the noobs 😉

Crash

When we submit a new website to be scanned by Acunetix, it searches for HTML tags like `<img src="">` and `<a href="">` to get the additional hosts from that website. So if we place an HTML tag in the page like (more…)