SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database.
1 vote | 2 answers | 43 views
How to deal with MySQL's Errcode 13 when trying to write a shell
My attack machine is running Kali and the server is running CentOS 6.4 with DVWA.
I'm trying to write a shell through an SQL injection. The payload is
' UNION SELECT '', '<?PHP ...
1 vote | 2 answers | 54 views
How to detect and exploit an SQLi in a POST method
Making it simple (no security at all), when we want to detect whether or not a GET parameter is vulnerable to SQLi, we could just type a ' as the value (?id=') and check if there is any error. (No ...
-3 votes | 0 answers | 24 views
sqlmap output logs roll over? [on hold]
When running sqlmap like:
sqlmap.py -u "http://redacted_url.html" --load-cookies=cookies.txt --level=5 --dbms=redacted
I had earlier run the same query with a lower level, creating a target.txt ...
2 votes | 2 answers | 76 views
Sqlmap fails at enabling xp_cmdshell procedure
I have been browsing the web looking for some help regarding the following issue. I am currently performing a web application penetration test, and I had come across a beautiful blind SQL Injection.
...
1 vote | 3 answers | 122 views
No single quotes are allowed. Is this SQL Injection point still exploitable?
The SQL phrase looks like this,
"SELECT * from XX where id = '" + id + "'"
The id variable comes directly from the GET parameter named id.
And the Java web app explicitly disallowed single quotes. ...
6 votes | 2 answers | 185 views
Backdoors after SQL injection?
I just found an injection vulnerability on a live site of a client. It looks like this:
$sql = "SELECT * FROM users_dl WHERE Username = '" . $Uname . "' AND Password = '" . $Pword . "'";
I ...
-5 votes | 0 answers | 65 views
I find the admin page but can't use username and password that I found to deface [closed]
Hi, after finding the SQL injection bug in a site I use Havij to find the tables and then I find the admin table and user and pass, but I can't use them in the admin page to log in. My real question is that how to ...
1 vote | 2 answers | 143 views
What makes a SQL Injection counted as blind injection?
Firstly, from what I have read so far, boolean based blind sql injection is you can't see any error messages and rely on true or false query to milk the database.
eg. Craft a query that will ask the ...
2 votes | 2 answers | 168 views
How SQL Injection works through URL
I am a Web developer, but I don't understand something. I did search and asked many, but they know it is just there but they don't give me a technical answer:
Main Question:
How SQL Injection works ...
5 votes | 1 answer | 111 views
Is Taking advantage of the IsNumeric() Function In VB.Net Through SQL Injection Possible?
Suppose this is the only mitigation used on a server:
Dim IDPerson
IDPerson = Request.Querystring("id")
If IsNumeric(IDPerson) = True Then
IDPerson = IDPerson
Else
IDPerson = 0
End If
IDPerson is ...
5 votes | 5 answers | 623 views
How to make a site vulnerable to SQLi?
I've recently taken an interest in SQL injections - it (for some reason, correct me if I'm wrong) seemed like a good place to start (I am pretty much a beginner). Anyways, I want to make a site that I ...
7 votes | 4 answers | 1k views
What kind of attack was this?
So our website was hacked, and these are the things that were done:
Some entries in the database were changed. I don't know if this was via SQL injection, or direct database access (only root is ...
2 votes | 3 answers | 156 views
sql injection, exec and preg_replace filter
I've been informed this is not safe to use in regards to SQL injection:
preg_replace("/[\"'%()@$.!&?_: #\/-]/","", mysql_real_escape_string($_GET['var']));
What would be the difference in the ...
3 votes | 2 answers | 127 views
Protecting Password Hashes with Stored Procedures?
I was thinking about the recent (seemingly weekly) security breaches we've seen where millions of password hashes have been leaked and I was wondering how one might secure their site against a ...
3 votes | 4 answers | 189 views
Generic defense against SQL injection
This is a little bit of a rant, but there's a real question at the end.
I recently installed a new perl script on a site (which will remain nameless) which failed mysteriously with an error 403. ...
2 votes | 4 answers | 383 views
Does escaping quotes protect me from SQL injection?
A newbie question here.
I've just read through a short introduction to SQL injection on http://www.breakthesecurity.com/2010/12/hacking-website-using-sql-injection.html?m=1
It says to find a GET ...
23 votes | 4 answers | 2k views
Is it okay to reveal database's table names?
I'm developing a web application that uses a database. I have to do some operations which need database table names and db table schema. Will it be secure if I send this kind of information to client ...
0 votes | 1 answer | 52 views
Create additional database in server using sql injection [closed]
I'm trying to do an sql injection in DVWA with Apache2 and MySQL that would create one more database.
This: 2' union select 1,2' create database kala;#-- does not give me any errors but it also does ...
5 votes | 4 answers | 434 views
A customer's site had a big MySQL injection attack on it, just want to learn from it
I created an online store for a friend of mine.
I created a system that shoots me an email any time there is a database error, that way if it is a bug in my code I can identify it and fix it. The ...
5 votes | 2 answers | 197 views
Possibility of SQL injection on table name that filters backticks?
I am reviewing an application that has something like this:
table_name = table_name.replace('`', '')
c.execute('SELECT * FROM `' + table_name + '`')
Is this actually exploitable if the attacker ...
4 votes | 2 answers | 419 views
SQL Injection - Extracting database data from the page content
I have a question I am hoping someone could help with..
I am in the process of writing an SQL Injection tool from scratch (I am aware there are already excellent tools out there such as SQL Map, but ...
5 votes | 3 answers | 411 views
How do I make SQL injection harder but not impossible?
I'm doing a CTF application for my final year project. I wanted to craft a SQL injection flag but I don't wish that they can simply find out the SQLi vulnerability by injecting ' . Hence, is there ...
6 votes | 3 answers | 1k views
Is there any SQL injection for this PHP login example?
I want to write a login form, and I got one example from the web.
I want to know, if there is any SQL injection for this code? If there is, what could the exploit's web form entry look like?
This is ...
1 vote | 1 answer | 96 views
Isolating database? Is it possible?
I have been assigned a CTF project for IT Security for my final year project in school.
We are planning to have a flag that is based on SQL injection but for the user to overcome the challenge, they ...
1 vote | 1 answer | 113 views
WAF SQL evasion using HPF technique
I was reading an article on WAF evasion techniques http://www.slideshare.net/devteev/methods-to-bypass-a-web-application-firewall-eng. The article discusses two techniques
HPP (HTTP parameter ...
4 votes | 2 answers | 277 views
SQL Injection - Automating the fingerprinting of the DBMS
I have a problem I'm hoping someone could help with regarding the fingerprinting of the DBMS using SQL injection, in a scripted/automated way to accurately and reliably determine the DBMS.
I am in ...
6 votes | 2 answers | 604 views
SQL Injection: Drop All Tables
I used some vulnerability scanners to check a site of mine, and an instance of blind SQL injection was returned. However, when I try to exploit this vulnerability by entering the following into the ...
2 votes | 1 answer | 89 views
Mark parts of strings as unsafe?
Is there a smooth way to mark unsafe parts of a string? i.e. for use in SQL.
example in php:
someFunction("safe text" . $unsafeVariable . "safe text" . $anotherUnsafeVariable);
Is there a smooth way ...
5 votes | 1 answer | 430 views
SQL Injection - UNION SELECT and returning a 'keyword' to find exploitable columns
I have a problem I'm hoping someone could help with regarding the use of UNION SELECT, in a scripted/automated way to find columns that are exploitable (having already found the number of columns ...
1 vote | 1 answer | 95 views
XSS MySQL Database Accessible?
I'd like to know if there is any danger of someone being able to access the database via XSS vulnerabilities on this page.
I have the following link. When you go to this link, the text I've enclosed ...
1 vote | 3 answers | 167 views
SQL Injection - MSSQL
I'm learning about SQL injection and have the following backend code,
Set rs = server.CreateObject("ADODB.Recordset")
SQL = "SELECT * FROM Registration WHERE name='"&name&"'"
rs.Open ...
0 votes | 2 answers | 67 views
Relation between boolean blind SQLi and time blind SQLi?
I am part of a team which is developing a web app penetration testing framework, and I am taking care of SQLi detection. When I tested multiple known vulnerable local sites, I found Boolean Blind flaw always ...
1 vote | 2 answers | 137 views
How to find injected code in SQL
Recently one of my sites was hacked. The hacker used SQL injection to compromise the security. After getting SQL access he injected code in many places in the database. I cleaned up many of them. But I am ...
4 votes | 3 answers | 255 views
What dangerous characters need to be filtered from user input prior to use in a DB2 SQL query?
I'm looking to fully understand how to properly filter/escape dangerous characters from user input that will be interpolated into a DB2 SQL query.
The sanitization routine that I'm analyzing works ...
-2 votes | 1 answer | 376 views
Admin area in my PHP website is vulnerable to SQL injection without login [closed]
My website admin area is vulnerable to SQL injection. I tried using Havij and it hacked successfully into the database. But how is this possible? Without login it broke into the admin panel.
...
1 vote | 2 answers | 138 views
Encrypting Fields in Database
I'm working on an ASP.NET web application that will have to store sensitive information. I would like to encrypt the sensitive fields to protect against any possible SQL injection vulnerabilities. ...
6 votes | 3 answers | 561 views
SQL Injection How to inject Clean/Rest URLS
I have a question I'm hoping you could help me with?
Unclean URLs:
http://example.com/index.php?page=foo
http://example.com/products?category=2&pid=25
...
7 votes | 4 answers | 675 views
SQL injection: Are there any instances where a vulnerable URL would not contain an 'equals' (=) symbol
I have a question I'm hoping you could help with?
I am looking to filter/grep a very long list of spidered URLs from my site to only get the URLs that could possibly be vulnerable to SQL injection.
...
5 votes | 1 answer | 377 views
My site just got hit with a SQL injection attack, how can I tell what they were doing?
So a page on my site (it's a PHP page that displays newsletter articles) was vulnerable to SQL injection and got hit. I discovered it because it was doing enough database queries to cause the CPU load ...
2 votes | 1 answer | 276 views
SQL injecting a search form which uses boolean mode
I'm testing a web app and I could get MySQL errors by inserting ' in the search field:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the ...
-1 votes | 1 answer | 114 views
How to prevent code injection like automatically adding extra character? [closed]
Code:
$result = "Hello World";
$jsonEncodeValue = $result;
echo $jsonEncodedValue;
Assumed Output:
"Hello World"
Real Output:
\n"Hello World"
This \n Line Feed added automatically.
For this ...
3 votes | 3 answers | 129 views
SQLi-protection ORDER BY
What would be a good check to remove all possibility of SQL-injection on an ORDER BY col where col is an unsafe variable?
I'm currently removing [^A-Za-z0-9_] from the string in php. Is this too ...
1 vote | 2 answers | 321 views
What vulnerabilities in the OWASP Top 10 are relevant to WordPress?
I have been looking at the OWASP Top 10, and am wondering which of the top 10 security risks are relevant to a WordPress installation with various plugins installed?
I know injections and XSS are ...
0 votes | 1 answer | 241 views
Blind SQL injection: understanding heavy queries
This article (PDF) talks about a blind injection technique based on heavy queries.
Questions:
Can anyone explain to me the purpose of using heavy queries when compared to normal time-based ...
1 vote | 1 answer | 218 views
I've heard that salt is not meant to be secret, but what if I made it secret? [duplicate]
Possible Duplicate:
Password Hashing add salt + pepper or is salt enough?
How to store salt?
Ok I have been studying a lot about password hashing lately. And I have a few questions. So I ...
2 votes | 2 answers | 468 views
How secure is this php code against SQL injection?
The code given below is a portion of a simple login script code..
if (isset ($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
...
1 vote | 2 answers | 1k views
Sqlmap testing HTTP headers
I was wondering whether sqlmap is able to test HTTP headers for sql vulnerabilities. I know that if I use --level>=3 then it will automatically check for User-Agent and Referer HTTP headers, but I ...
4 votes | 5 answers | 486 views
Are image uploads also vulnerable to sql injection?
I have some good knowledge of how SQL injections work. I see that Googling inurl upload.php will tell one about the upload paths in a website. My question is that if a person finds a path by which he ...
1 vote | 2 answers | 270 views
UNION SQL Injection
I'm trying to demo SQL Injection with a UNION query but I'm not getting results.
This is the C# code and the database is SQL Server 2008 R2:
string cString = "server=.\\sqlexpress; ...
4 votes | 2 answers | 214 views
What exploit types do I need to protect against in PHP?
I recently learned that apparently, it is common for people to attempt SQL injections using the HTTP referrer in PHP. What other inputs do I need to protect against? I am currently "cleaning up" ...