 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 750
 Members: 0
 Total: 750
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Sql Inject In VB 3.0.x !! |
|
 Posted: Thu Sep 16, 2004 8:18 am |
 |
|
| Zilly |
| Regular user |
 |
| |
| Joined: Sep 10, 2004 |
| Posts: 7 |
|
|
|
 |
|
 |
|
hi every body ,, thanx for the nice forums i like it 
any way i want every body to take a look at this
http://www.securiteam.com/unixfocus/5BP0E15E0M.html
 well, its sql inject,, i'm studying it this days and i kinda wana help in this,
how to Execute this security hole and another important thing is how to fix it ??
thats all folks  |
|
_________________
Zilly is Here |
|
|
|
|
Re: Sql Inject In VB 3.0.x !! |
|
| Posted: Thu Sep 16, 2004 10:39 am |
|
|
| Heintz |
| Valuable expert |
|
| |
| Joined: Jun 12, 2004 |
| Posts: 88 |
| Location: Estonia/Sweden |
|
|
|
|
|
|
| Zilly wrote: | hi every body ,, thanx for the nice forums i like it
any way i want every body to take a look at this
http://www.securiteam.com/unixfocus/5BP0E15E0M.html
well, its sql inject,, i'm studying it this days and i kinda wana help in this,
how to Execute this security hole and another important thing is how to fix it ??
thats all folks |
strange thing is that intval()- is used to get the value, but not used before passing to query  .
anyway the trick is to "continue" (in this case here) sql query.
query ends like this: userid = " . $item_number[1]
so you POST your value to item_number. name of it is x_invoice_num and its value is something like valuea_valueb_valuec, ju must manipulate valueb, lets assume you posted something like this:
then (depends on viewing part of script) you should see somewhere on the page, a list of tables that are in that database. and with little thinking you make more "useful" queries that this
hint: mysql manual
fixing:
| Code: |
$item_number[1] = abs(intval($item_number[1]));
|
add this line somewhere before the query, and it should do it |
|
_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
|
|
|
| Posted: Fri Sep 17, 2004 5:41 am |
|
|
| Zilly |
| Regular user |
|
| |
| Joined: Sep 10, 2004 |
| Posts: 7 |
|
|
|
|
|
|
|
thanx Heintz,, well i know some how that the file that contains the sql inject is authorize.php
what i'm tryin to do now is to inject but can i ask a question ??
when we use the authorize.php ?
i mean in normal not injecting ??
and thanx again ,,
Zilly |
|
_________________
Zilly is Here |
|
|
|
| Posted: Fri Sep 17, 2004 4:13 pm |
|
|
| zer0-c00l |
| Advanced user |
 |
| |
| Joined: Jun 25, 2004 |
| Posts: 72 |
| Location: BRAZIL! |
|
|
|
|
|
|
|
|
|
|
| Posted: Fri Sep 17, 2004 5:35 pm |
|
|
| hebe |
| Advanced user |
|
| |
| Joined: Sep 04, 2004 |
| Posts: 59 |
|
|
|
|
|
|
|
| is there any exploit for this |
|
|
|
|
| Posted: Fri Sep 17, 2004 8:49 pm |
|
|
| SteX |
| Advanced user |
 |
| |
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
|
|
|
|
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
| Posted: Sun Sep 19, 2004 8:42 pm |
|
|
| waraxe |
| Site admin |
 |
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
I have played a little bit with that security bug and got some results.
Will share them tomorrow in this thread, so stay tuned!!! |
|
|
|
|
| Posted: Wed Sep 22, 2004 8:36 pm |
|
|
| Zilly |
| Regular user |
|
| |
| Joined: Sep 10, 2004 |
| Posts: 7 |
|
|
|
|
|
|
|
wow thanx man
my brain has been exploed LOL
this time really i will not change the channel
Zilly |
|
_________________
Zilly is Here |
|
|
|
| Posted: Tue Nov 09, 2004 6:48 pm |
|
|
| Zilly |
| Regular user |
|
| |
| Joined: Sep 10, 2004 |
| Posts: 7 |
|
|
|
|
|
|
|
after searching and reading and like this stuff
i found that i can excute this expliot by netcat
ex:
nc -n -v ***.***.***.*** 80
then i have to enter some POST command
after that i'll get the MD5 hash password ..
okay now we are near ...
and i need help also ..
|
|
_________________
Zilly is Here |
|
|
|
| Posted: Fri Nov 12, 2004 6:10 pm |
|
|
| LINUX |
| Moderator |
|
| |
| Joined: May 24, 2004 |
| Posts: 404 |
| Location: Caiman |
|
|
|
|
|
|
new SQL injection found in VBulletin Forums 3.0.x
the Vulnerabilite found in last.php, last 10 topics hack.
last.php?fsel=,user.password%20as%20title,user.%20
%20%20%20username%20as%20lastposter%20FROM%20user,
thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201
enjoy |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
