Re: Executing PHP Code from MSSQL table

From: Danux (danuxx@gmail.com)
Date: Thu Oct 18 2007 - 17:18:21 EDT


Ok, let me check and will inform you.

Thanks!!!!

On 10/18/07, Robin Wood <dninja@gmail.com> wrote:
> Getting away from code execution, but have you tried directory
> traversal with this attack? If the image filename comes out of the db
> and you can control that db table then you could try putting PHP
> script names in instead. From that you could get some of the site
> source and then look for a way to execute your code.
>
> Robin
>
> On 16/10/2007, Danux <danuxx@gmail.com> wrote:
> > Hi, after testing a PHP-MSSQL app, I am able to insert and update
> > tables but I can't execute stored procedures, so I was wondering if
> > it's possible to update a table putting something like: "phpinfo()" or
> > (passthru("ipconfig")) in order to execute while loading the page?
> >
> > I mean:
> >
> > Inside the HTML page the images are taken from the database so... from a
> > black box perspective I think it is something like: <img src=$img> and I
> > know which table this image name is read from, so I can update
> > the table and instead of reading something like $img = picture.gif, it reads
> > something like "phpinfo();". But as you know this is only a string,
> > and even if I update the table with: eval("phpinfo();") it's also a
> > string .... so it doesn't get executed!!
> >
> > So, I would like your help: what can I do if I am able to insert,
> > create and update tables but unable to run stored procedures, or bulk
> > or bcp!!!!!
> >
> > Thanks!!!
> >
> > --
> > Danux, CISSP
> > Chief Information Security Officer
> > Macula Security Consulting Group
> > www.macula-group.com
> >
>

-- 
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com
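
Added example, not part of the original thread or the application under test: a defensive sketch of how a PHP page can treat an image name read from the database as untrusted, so that a modified row cannot point the page at a script or at a path outside the image directory. The directory, the /images/ URL prefix, the placeholder file and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical location; the thread does not say where the images live.
const IMAGE_DIR = '/var/www/app/images';
const ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png'];

// Return the value unchanged if it is a bare image file name, else null.
function safe_image_name(string $dbValue): ?string
{
    // Bare name only: no slashes, no NUL, no leading dot, no trailing newline.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $dbValue) !== 1) {
        return null;
    }
    $ext = strtolower(pathinfo($dbValue, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $dbValue : null;
}

// Build the <img> tag; anything that fails validation becomes a placeholder.
function img_tag(string $dbValue): string
{
    $name = safe_image_name($dbValue) ?? 'placeholder.gif';
    return '<img src="/images/' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '" alt="">';
}

// For code that opens the file itself: resolve it and confirm it stays inside
// the image directory, which also catches symlinks pointing elsewhere.
function resolve_image_path(string $dbValue, string $baseDir = IMAGE_DIR): ?string
{
    $name = safe_image_name($dbValue);
    $base = realpath($baseDir);
    if ($name === null || $base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample values modelled on the strings quoted in the thread.
$samples = ['picture.gif', 'phpinfo();', 'eval("phpinfo();")', 'index.php', '../index.php'];
foreach ($samples as $value) {
    printf("%-22s => %s\n", $value, safe_image_name($value) ?? 'REJECTED');
}
```

Only picture.gif passes; the other four sample values are rejected before they reach the markup or the filesystem.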

