|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 59
Members: 0
Total: 59
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
exploit help |
|
Posted: Mon Sep 20, 2010 10:14 pm |
|
|
neel |
Beginner |
|
|
Joined: Jul 05, 2010 |
Posts: 4 |
|
|
|
|
|
|
|
hello everyone , i need some help on understanding a basic thing before making an exploit.Considering , you want to make a sqli exploit , you have to find first the sqli flaw. So , lets say that you find a sqli bug on x random website. So here's my question . How will you know then **what** type/software of system you are penetrating? I mean maybe is CMS / cmsqlite , phpnuke , u know these were examples .Generally how to know the software in order to put a name to your exploit..? For example : Sqli on cms , u understand what i mean
Thx for your time! |
|
|
|
|
|
|
|
|
Posted: Wed Sep 22, 2010 9:58 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
You must look for clues - "powered by" in footer text, administration interface (try directories like admin, acp, admincp,administrator, administration, backend, etc ...),
look at html source - for example path to the website design/theme/skin can reveal software name.
If you see something in html source code, that catches your eye, then google it - usually it does help.
Try generate error messages - use alphanumeric strings instead of numbers, arrays instead of strings (search.php?what[]=test).
Error messages can reveal full path to the software components and other useful insider information. |
|
|
|
|
Posted: Wed Sep 22, 2010 10:44 pm |
|
|
neel |
Beginner |
|
|
Joined: Jul 05, 2010 |
Posts: 4 |
|
|
|
|
|
|
|
I got it , thx @waraxe ;- ) |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|