Welcome,
Guest
. Please
login
or
register
.
November 15, 2024, 07:55:18 PM
News:
tastyspleen.net discord server:
http://discord.tastyspleen.net
Home
Forum
Help
TinyPortal
Search
Calendar
Login
Register
tastyspleen::quake 2 community
»
Forum
»
The Tech Junkie Boards
»
Tech Junkie Lounge
»
Hilarious SQL injection oops
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Hilarious SQL injection oops (Read 1824 times)
VaeVictis
i was -1 because you fucking suck
Brobdingnagian Member
Posts: 4498
Rated:
Hilarious SQL injection oops
«
on:
November 10, 2011, 12:47:52 AM »
well i think its funny at least
so i was doing a lot of common attacks over the last weekend such as sql injection, and so when i took my laptop to the security bootcamp im helping lecture on to do demonstrations of simple attacks and stuff like that...
get on their network and they ahve a pretty cool set up, open wireless for guests you get in and they have a captive portal that you enter your user name and then an authentication ticket given by an admin that will add your mac address to their white list... (even though technically its still an open network without encryption and would be perfectly legal by wire tapping laws to sniff traffic on)
get on the captive portal, click the text box to enter my name, and my browsers little text box auto fill in thing dropped down with ' OR 1=1; --
lol
i have a screenshot on my other computer, ill post it in the morning, keep forgetting to post it just thought id share it... i dont even ahve that epic firefox plugin that does the sql injection auditing, my browser just decided it wanted to auto fill that into the text box, i didnt try ofc cause id hate to get kicked off campus so soon after getting there, but from my browser doing that i can already guess that some sort of injection attack would be possible, maybe not such a simple one but some sort definitely... maybe using HAVING and stuff like that to do some enumeration if they dont have proper error handling to get a list of already archived mac addresses i could spoof
Logged
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
Re: Hilarious SQL injection oops
«
Reply #1 on:
November 10, 2011, 03:39:20 PM »
You don't know it's vulnerable to SQL injection. You would receive an error message or the result you wanted. If the response is a friendly result, then you can try blind SQL injection (for example HTTP 500 response ouputs x.html), searching for true or false; however a Captcha is certainly one page that would look like SQL injection was possible, but you'd need to take a closer look. I'm not sure what form you're looking at, but often times they test true for blind SQL injection, simply because the response is different, although they are not actually vulnerable. Maybe they could improve the tests, like AND 1=1 , AND 1=2, and try X times over M.
like AND 1=1 or AND 1=2 through the POST or GET variables, or attached to the end's of variables, will return a different result with a Captcha.
It'll be pretty funny once they fix the control of execution problems and make nice secure architectures, this is the stuff that will still be around. It wouldn't even work enforcing things like taint and real escape strings, because there will always be errors in application logic.
«
Last Edit: November 10, 2011, 03:51:42 PM by reaper
»
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
VaeVictis
i was -1 because you fucking suck
Brobdingnagian Member
Posts: 4498
Rated:
Re: Hilarious SQL injection oops
«
Reply #2 on:
November 10, 2011, 04:48:45 PM »
here is the pic
also, if you didnt know already reaper, using the HAVING command with different conditions, some conditions being quite long, you can do some cool enumeration with improper error handling
the funny thing with a lot of sql injection vulnerable sites is that they will have an error field used generally just for improper keys entered such as the captive portal i went to if i didnt enter a valid ticket from the admin, or your common poorly configured input where it will say invalid user name or password.... you can exploit that error handling if they arent filtering it, and use the HAVING command to find out more about what tables are in the sql database and then go from there to get the improper error handling to give you a list of mac addresses you would be able to spoof to get onto the network
the reason its funny regardless of whether the site is vulnerable to sql injection, is because i showed up on campus to help teach a computer security boot camp and the first thing that happens when i kick my laptop up is my browser wants to auto fill a basic sql OR always true statement lol
Logged
Print
Pages: [
1
]
Go Up
« previous
next »
tastyspleen::quake 2 community
»
Forum
»
The Tech Junkie Boards
»
Tech Junkie Lounge
»
Hilarious SQL injection oops
El Box de Shoutamente
Last 10 Shouts:
Costigan_Q2
November 11, 2024, 06:41:06 AM
"Stay cozy folks.
Everything is gonna be fine."
There'll be no excuses for having TDS after January 20th, there'll be no excuses AT ALL!!!
|iR|Focalor
November 06, 2024, 03:28:50 AM
RailWolf
November 05, 2024, 03:13:44 PM
Nice
Tom Servo
November 04, 2024, 05:05:24 PM
The Joe Rogan Experience episode 223 that dropped a couple hours ago with Musk, they're talking about Quake lol.
Costigan_Q2
November 04, 2024, 03:37:55 PM
Stay cozy folks.
Everything is gonna be fine.
|iR|Focalor
October 31, 2024, 08:56:37 PM
Costigan_Q2
October 17, 2024, 06:31:53 PM
Not activated your account yet?
Activate it now! join in the fun!
Tom Servo
October 11, 2024, 03:35:36 PM
HAHAHAHAHAHA
|iR|Focalor
October 10, 2024, 12:19:41 PM
I don't worship the devil. Jesus is Lord, friend. He died for your sins. He will forgive you if you just ask.
rikwad
October 09, 2024, 07:57:21 PM
Sorry, I couldn't resist my inner asshole.
Show 50 latest
User
Welcome,
Guest
. Please
login
or
register
.
November 15, 2024, 07:55:18 PM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search
Advanced search