Re: Level of Exploitation



What level of access were you able to gain with SQL Injection?

On Dec 2, 2008, at 11:14 PM, pentestr wrote:

Hi list,

I have come across a situation where I need to specify the "Level of Exploitation" to the client (a govt. agency). I was able to do SQL Injection and Cross Site Scripting attacks against the web application. Could you share your ideas about level of exploitation? What level can we give for SQL Injection, Cross Site Scripting, buffer overflow, TCP stack exploit, etc.?

thanks in advance
Pen Testr



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


Adriel T. Desautels
ad_lists@xxxxxxxxxxxxx






