Re: Injected, whats next

From: Serg B. (sergicles@gmail.com)
Date: Fri Aug 18 2006 - 09:55:48 EDT


On Fri, 2006-08-18 at 15:47 +0400, DokFLeed wrote:
> if you don't know the case, keep it to your self.
> plus, did you ever read the NDA or the contract we signed with the client?!
> don't be smart and try to jump to conclusions , its very tricky :)
> this is for technical discussion,
> if (you have something to say)
> {
> share it;

I tried something like that a while ago. Short answer: I didn't succeed.

I don't remember the details. I was using either PostgreSQL or MySQL
(thats the I don't remember part), PHP4 native DB libraries (not PDO),
Apache 2, Linux. In summary, what I tried was - looked up syntax
corresponding to executing shell commands through database client
console.

Then attempted to:

     1. Append it to an existing query.
        
     2. 2. Prefix it to an existing query (after the ';').
        

Problem was that language DB libraries did not understand the shell
command prefix that I used in the DB console. I tried it pretty
thoroughly since it was my own setup so I had access to everything.

If someone does answer, I'd be more then interested to see it in
action.

> }
> else .....
{
}

return true;
>
>
> ----- Original Message -----
> From: "Serg B." <sergicles@gmail.com>
> To: "DokFLeed" <dokfleed@dokfleed.net>
> Cc: <pen-test@securityfocus.com>
> Sent: Friday, August 18, 2006 2:45 PM
> Subject: Re: Injected, whats next
>
>
> > Sounds like you are exploiting someonce server, not testing an
> > application!
> >
> > An application test would stop with proof of SQL injection - no need to
> > go further.
> >
> >
> >
> > On Thu, 2006-08-17 at 17:41 +0400, DokFLeed wrote:
> >> I am testing a web application, I can run UPDATE & SELECT
> >> Does anyone know a way to upload a file to a server through MySQL !
> >> does it allow running system commands or a way to dump a file from the
> >> database to the server?
> >> its LAMP , Linux, Apache, MySQL, PHP
> >> any ideas!!
> >>
> >> Dok
> >> smoke dope, eat soap, fly home in a bubble
> >>
> >>
> >> ------------------------------------------------------------------------
> >> This List Sponsored by: Cenzic
> >>
> >> Need to secure your web apps?
> >> Cenzic Hailstorm finds vulnerabilities fast.
> >> Click the link to buy it, try it or download Hailstorm for FREE.
> >> http://www.cenzic.com/products_services/download_hailstorm.php
> >> ------------------------------------------------------------------------
> >>
> >
> >
> >
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:46 EDT