Re: how to exploit SQL INJECTION?

From: Christian Martorella (laramies2k_at_yahoo.com.ar)
Date: 06/22/05

    Date: Wed, 22 Jun 2005 05:56:02 -0300 (ART)
    To: pen-test@securityfocus.com
    
    

    Hi Pablo, you can get a copy of ISSAF (Information
    Systems Security Assessment Framework), it has a
    chapter called "Web Application Security (Sql
    Injection)" where you can find a comprehensive step by
    step howto for testing SQL injection in webapps.

    The ISSAF page:
    http://www.oissg.org/content/view/71/71/

    It's worth the read if you don't know the ISSAF yet.

    Cheers!

    Christian Martorella
    OISSG Barcelona Chapter

     --- Pablo Escobar <slackware77@gmail.com> wrote:

    > Hello people, I made in my network website server
    > with SQL with
    > vulnerabilities to learn how to exploit it, I
    > searched in Google and I
    > tried but it doesn't work, the report of the Nessus is:
    >
    >
    > The following URLs seem to be vulnerable to various
    > SQL injection
    > techniques :
    >
    > /resources/expand_subject.asp?id='UNION'
    > /resources/expand_subject.asp?id='UNION'
    > /resources/expand_subject.asp?id='UNION'
    > /resources/expand_subject.asp?id='
    > /resources/expand_subject.asp?id='
    > /resources/expand_subject.asp?id='
    > /resources/expand_subject.asp?id='%22
    > /resources/expand_subject.asp?id='%22
    > /resources/expand_subject.asp?id='%22
    > /resources/expand_subject.asp?id=9%2c+9%2c+9
    > /resources/expand_subject.asp?id=9%2c+9%2c+9
    > /resources/expand_subject.asp?id=9%2c+9%2c+9
    > /resources/expand_subject.asp?id='bad_bad_value
    > /resources/expand_subject.asp?id='bad_bad_value
    > /resources/expand_subject.asp?id='bad_bad_value
    > /resources/expand_subject.asp?id=bad_bad_value'
    > /resources/expand_subject.asp?id=bad_bad_value'
    > /resources/expand_subject.asp?id=bad_bad_value'
    > /resources/expand_subject.asp?id='+OR+'
    > /resources/expand_subject.asp?id='+OR+'
    > /resources/expand_subject.asp?id='+OR+'
    > /resources/expand_subject.asp?id='WHERE
    > /resources/expand_subject.asp?id='WHERE
    > /resources/expand_subject.asp?id='WHERE
    > /resources/expand_subject.asp?id=%3B
    > /resources/expand_subject.asp?id=%3B
    > /resources/expand_subject.asp?id=%3B
    > /resources/expand_subject.asp?id='OR
    > /resources/expand_subject.asp?id='OR
    > /resources/expand_subject.asp?id='OR
    > /resources/expand_subject.asp?id=' or 1=1--
    > /resources/expand_subject.asp?id=' or 1=1--
    > /resources/expand_subject.asp?id=' or 1=1--
    > /resources/expand_subject.asp?id= or 1=1--
    > /resources/expand_subject.asp?id= or 1=1--
    > /resources/expand_subject.asp?id= or 1=1--
    > /resources/expand_subject.asp?id=' or 'a'='a
    > /resources/expand_subject.asp?id=' or 'a'='a
    > /resources/expand_subject.asp?id=' or 'a'='a
    > /resources/expand_subject.asp?id=') or ('a'='a
    > /resources/expand_subject.asp?id=') or ('a'='a
    > /resources/expand_subject.asp?id=') or ('a'='a
    >
    > Now, how can I exploit it? Can somebody guide me,
    > please? Thank you very
    > much, good luck.
    >

            

            
                    