IT Security and Insecurity Portal

xp_cmdshell

Posted: Sat Apr 30, 2005 1:41 pm
xt33nx
Regular user
Joined: May 30, 2004
Posts: 7

I read everything, I tried everything... nothing works.
The URL goes like this: "newspop.asp?arrID=" <- This is the SQL injection part.
As I said before, I tried everything I know and read, yet I can't execute one single command like "dir".
Any kind of advice is highly appreciated.

_________________ Where will you be, the day after tomorrow?

Posted: Sat Apr 30, 2005 3:40 pm
gulftech
Valuable expert
Joined: Apr 20, 2005
Posts: 9

Well, if you really want help you should give us more details. Also, some servers will disable the type of functionality you are trying to use

Posted: Sat Apr 30, 2005 4:42 pm
gulftech
Valuable expert
Joined: Apr 20, 2005
Posts: 9

Posted: Sun May 01, 2005 7:01 am
xt33nx
Regular user
Joined: May 30, 2004
Posts: 7

More details? Like...?
It runs on Windows Server 2003 with Microsoft-IIS/6.0. I don't remember the MSSQL version but it will probably be new.

_________________ Where will you be, the day after tomorrow?

Posted: Sun May 01, 2005 11:09 pm
d3vilbox
Beginner
Joined: May 02, 2005
Posts: 3

Hey guys,
I'm new to your site.
OK, dear friend, as you know, stored procedures of MSSQL 2000 return a value only of INT type, which usually shows proper execution of the S.P.
xp_cmdshell is an extended SP; it accepts just one input parameter (and no output parameter) and returns a bit (shows whether an error occurred or not!).
When you run exec xp_cmdshell 'cmd' in Query Analyzer you can see the result of the command execution (with "System" access to all system resources) printed at the console of Query Analyzer! But with ADO (ADO.NET) and other DB components it is not possible to see the result text printed at the console, so with that SQL injection you cannot see the result of xp_cmdshell 'dir'! So using commands just for gathering information is useless, but the command is still executed and it can affect the server, like: exec xp_cmdshell 'format c'!
If I made a mistake, tell me and help me find a way to show the printed result by ADO in ASP pages!
This is a simple scenario to help get the answer to that question:
Quote:

stored procedure:

    create proc test
        @input varchar(8000)
    as
        -- the password is emitted with PRINT, not returned as a result-set row
        if @input = 'show_pwd' print 'password : h4cK3r'
    go

test.aspx:

    <%@ Import Namespace="System.Data.SqlClient" %>
    <script runat=server language=vb>
    Sub Page_Load
        If Not Request.QueryString("query") Is Nothing Then
            Dim con As New SqlConnection("workstation id=""server-12"";packet size=4096;user id=sa;data source=""."";persist security info=False;initial catalog=testdb")
            With con
                .Open()
                With .CreateCommand
                    ' Test scenario: the raw "query" parameter is executed as SQL
                    .CommandText = Request.QueryString("query")
                    With .ExecuteReader
                        Response.Write("Result : <br>")
                        ' Write every column of every returned row
                        While .Read
                            Dim i As Integer
                            For i = 0 To .FieldCount - 1
                                Response.Write(.GetValue(i).ToString)
                                Response.Write(" ")
                            Next
                            Response.Write("<br>")
                        End While
                        .Close()
                    End With
                    .Dispose()
                End With
                .Close()
                .Dispose()
            End With
        End If
    End Sub
    </script>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <body>
    <form id="Form1" method="post" runat="server"></form>
    </body>
    </HTML>

SQL injection:

    test.aspx?query= SQL command to get PWD

Question: In this scenario, choose the SQL command that makes the aspx page show the pwd (printed at the console) by the stored procedure (exec test 'show_pwd')?

If anyone has the answer, please post here or mail me @ d3vilbox yahoo dot com
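
gulftech's remark that some servers disable this functionality, and d3vilbox's point that the command still runs even when its output is not shown, both come down to how xp_cmdshell is configured on the server. The T-SQL below is an added example, not part of any post in this thread: it audits who can reach xp_cmdshell and then disables it. It assumes SQL Server 2005 or later (where xp_cmdshell is an sp_configure option) and a sysadmin login.

```sql
-- Added example (not from the thread). Assumes SQL Server 2005+ and a sysadmin login.
USE master;

-- 1. Is xp_cmdshell currently enabled? value_in_use = 1 means it can be called.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Which principals were explicitly granted rights on it?
--    (sysadmin members can run it without any grant; see step 4.)
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND OBJECT_NAME(pe.major_id) = 'xp_cmdshell';

-- 3. Is a proxy credential configured? Non-sysadmin callers run commands as
--    this Windows account; sysadmin callers run as the SQL Server service account.
SELECT name, credential_identity
FROM sys.credentials
WHERE name = '##xp_cmdshell_proxy_account##';

-- 4. Which logins are sysadmin? A web application connecting as one of these
--    (for example "sa") hands every injected statement full server rights.
SELECT m.name AS sysadmin_login
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- 5. Disable xp_cmdshell and hide the advanced options again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

Disabling the option does not stop a sysadmin login from turning it back on, so the application's database account should not appear in the step 4 result.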
All times are GMT