출처 : http://k3170makan.blogspot.kr/2012/01/injecting-insert-statements-mysql-error.html Exploring my options One night while banging injection payloads into a random page I suddenly found myself in an insert statement! This is when I got the idea to use insert statements for MySQL error based injection vectors. Some people might be wondering why on earth would one would want to inject an insert?..
WEAKERTHAN - http://weaknetlabs.com/ BackTrack - http://www.backtrack-linux.org/ NETSECLOS - http://netsecl.com/download Wifiway - http://www.wifislax.com/ PHLAK - http://sourceforge.net/projects/phlakproject/ slitaz - http://www.slitaz.org/ NodeZero - http://netinfinity.org/ REMnux - http://sourceforge.net/projects/remnux/ Security Onion - http://securityonion.blogspot.com/ OWASP livecd - http:..
출처 : http://www.webhackingexposed.com/tools.html Free Web Security Scanning Tools Nikto N-Stalker NStealth Free Edition Burp Suite Paros Proxy OWASP WebscarabSQL Injection SQL Power Injector by Francois Larouche Bobcat (based on "Data Thief" by Application Security, Inc.). Absinthe - free blind SQL injection tool SQLInjector by David Litchfield NGS Software database tools Cross-Site Scripting (X..
Methods of Quick Exploitation of Blind SQL Injection # Title: Methods of quick exploitation of blind SQL Injection # Date: January 25th, 2010 # Author: Dmitry Evteev (Positive Technologies Research Lab) # Contacts: http://devteev.blogspot.com/ (Russian); http://www.ptsecurity.com/ In this paper, the quickest methods of Blind SQL Injection (error-based) exploitation are collected and considered b..
출처 :http://blog.hacktalk.net/mysql-error-based-injection/ ————————————————- Mysql Error Based injection ————————————————- Author : Keith (k3170) Makan Requirements: >A Brain >A browser >Basic SQL (poke around the internet for an SQL manual, it should’nt take long to learn) First off, lets make sure you guys know what Error Based SQL injection is and where you can find some good examples to train..
This article will be about into outfile, a pretty useful feature of MySQL for SQLi attackers. We will take a look at the FILE privilege and the web directory problem first and then think about some useful files we could write on the webserver. Please note that attacking websites you are not allowed to attack is a crime and should not be done. This article is for learning purposes only. As in the..
db querycurrent db_name+and(select 1 FROM(select count(*),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a) number of dps+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,count(schema_name),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) FROM inform..
HTTP Session Hijacking(혹은 Session ID Hijacking)이라는 공격 기법은 웹 브라우징시 세션 관리를 위해 사용되는 Session ID를 스니핑이나 무작위 추측 공격(brute-force guessing)을 통해서 도용하는 기법이다. 먼저 이러한 공격에 대한 기초적인 배경지식으로 HTTP 프로토콜의 특성 및 Session ID에 대해 이해해보도록 하겠다. HTTP 프로토콜의 특성 HTTP는 기본적으로 비연결유지(stateless) 프로토콜이다. 반면, telnet과 ftp와 같은 프로토콜은 클라이언트와 서버 사이에 하나의 연결(session)이 성립되어 통신하는 프로토콜이다. 따라서, 우리가 보통 웹 브라우저를 열어 URL을 입력하고 해당 홈페이지에 들어간다는 것은 해당 홈페..