Re: how to exploit SQL INJECTION?

From: Pablo Fernández (newsclient_at_teamq.info)
Date: 06/22/05

Next message: Steve Goldsby (ICS): "RE: Risks associated to branch office IPSec devices"

Previous message: kashmira.phalak_at_gmail.com: "Re: how to exploit SQL INJECTION?"
In reply to: Pablo Escobar: "how to exploit SQL INJECTION?"
Next in thread: Sugiowono: "Re: how to exploit SQL INJECTION?"
Reply: Sugiowono: "Re: how to exploit SQL INJECTION?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Pablo Escobar <slackware77@gmail.com>
Date: Wed, 22 Jun 2005 00:22:29 +0200

Well, exploiting a vulnerable SQL Injection site is very easy, you can
do it directly from your browser (even with dillo, links, wget, axel!)
(altough a PERL script is much more confortable).

If nessus told you you have some script vulnerable you can exploit them
hitting with your browser a URL such as
http://>/resources/expand_subject.asp?id='UNION'
That's assuming the script vulnerable is reachable directly using the
LAN IP of the server, if you are using vhost in the HTTP server you
should use it in the previous URL.

I hope this is clear enough, I could have written this message in
spanish, which I guess is your mother tongue, English used for the
mailing's list sake.

Saludos y suerte,
Pablo Fernández

attached mail follows:

Date: Wed, 22 Jun 2005 00:06:05 +0300
To: pen-test@securityfocus.com, nessus@list.nessus.org, bugtraq@securityfocus.com

Hello people, I made in my network website server with SQL with
vulnerabilities to learn how to exploit it, I searched in google and i
tried but dont work, the report of the nessus is:

The following URLs seem to be vulnerable to various SQL injection
techniques :

/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='UNION'
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id='%22
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id=9%2c+9%2c+9
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id='bad_bad_value
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id=bad_bad_value'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='+OR+'
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id='WHERE
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id=%3B
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id='OR
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id=' or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id= or 1=1--
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=' or 'a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a
/resources/expand_subject.asp?id=') or ('a'='a

now,how can I exploit it?,somebody can guide me plz?,thank u very
much,good luck.

Next message: Steve Goldsby (ICS): "RE: Risks associated to branch office IPSec devices"

Previous message: kashmira.phalak_at_gmail.com: "Re: how to exploit SQL INJECTION?"
In reply to: Pablo Escobar: "how to exploit SQL INJECTION?"
Next in thread: Sugiowono: "Re: how to exploit SQL INJECTION?"
Reply: Sugiowono: "Re: how to exploit SQL INJECTION?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: SQL injections and connections to a DB
... Nikto will not check for SQL Injection vulnerabilities in your code. ... I'm doing a web app pen test right now... ... >> server which is running MS SQL server 7. ...
(Pen-Test)
Re: java source code audit
... It is a common belief that Hibernate will protect 100% from SQL injection. ... You should check to ensure that the developers have implemented data validation routines that contain a default deny policy and restrict character classes to known good values. ... so I'm discarding SQL injection vulnerabilities. ...
(Pen-Test)
[UNIX] ChurchInfo Multiple Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... vulnerabilities. ... UserDelete.php - First page gives path disclosure, ... SQL injection and path disclosure: ...
(Securiteam)
MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities
... MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities ... You have an error in your SQL syntax. ... corresponds to your MySQL server version for the right syntax to use ...
(Bugtraq)
[NEWS] Oracle Database and Report Engine Multiple Vulnerabilities
... Oracle Database and Report Engine Multiple Vulnerabilities ... allows attackers to cause SQL injection, directory traversal, gather ... Oracle Reports, a component of the Oracle Application ...
(Securiteam)