اعلان

Website

المدونة

ملاحظات يجب قراءتها:

1. نتبرئ من استخدام أي موضوع في المدونة في طريق الحرام أو ضد المسلمين.
2. إن لم تجد الموضوع الذي بحثت عنه في محرك البحث، استخدم البحث الداخلي في المدونة.
3. هناك مراكز رفع ملفات تحتاج الى استعمال بروكسي للتحميل المجاني دون عمل حساب مدفوع مثل مركز رفع uploading.com
4. نعتذر عن عدم توفر بدائل لبعض الروابط المفقودة
5. الرجاء فحص الملفات جيداً قبل التشغيل فيما يخص أدوات الهاكرز و الفيديو..الخ
6. ليست كل البرامج كاملة و ليست كل البرامج تحتاج الى تسجيل!!؟؟
7. عزيزي الزائر تشرفنا بزيارتك، و أعلم أنك لست أول زائر و لن تكون الاخير بإذن الله تعالى، تمتع بتصفح المدونة دون مشاكل بإذن الله...
8. لا تنس استخدام (رسائل اقدم) لرؤية باقي مواضيع التصنيفات

انشاء المدونة

تم انشاء المدونة في:

07\01\2009

Black ice

كل عام و أنتم بألف خير بمناسبة مرور 4 سنوات على انشاء المدونة و الحمدلله

ĬŖŞĤ@ĮĐ مدونة الخدع و الشروحات إرشيد الجرايدة ĬŖŞĤ@ĮĐ

SQL injection in URL

Quick Thing for those who try to SQL inject forms based the same way they Sql inject in a url.
Some differences.

1.When doing a url based attack to not alter the querty causing it to change before it has run its normal course.

Described in better detail.

Ex: id=15, don't go deleting the 15 and throwing in a single quote it can cause issues. When i write the article ill explain how and why. Anyways you would want to plug it in as id=15'

2.Obvious injection points to look for is most places with an equal sign.

3.Unlike a forms based injection where you keep the ' for your injections you wont be doing that for the url based.

Yes for the intail testing you want to plug it in but for a valid query you want to keep the process flowing so

when you do your injection it would be id=15 union blah blah blah.

4.Common mistake of not url encoding characters. Granted is varies upon what server is running back end. Your going to

want to url endcode.

ex: blind injection test id=15plussign1 to see if you get the id page of 16. You want 15 percentsign2b which is the plus sign

url encoded. Do the same of other special chars if you want them to be read in correctly.

Another injection worth mentioning that i left out of the last article is; Union all select table_name from information_schema.tables--

Information_schema is a list of all tables within a a database it is found in some but not all sql servers. MS sql and mysql

being two of them. Now this wont always for as sometimes you as a user need certain priviledges to access these tables. You can

do the same to get all the column names by do the same injection only doing so with union all select column_name from

information_schema.columns. Now this sort of thing is not limit to just information_schema. Below are listed some tables and

other things with which you can gather the same information but different SQL versions. I'm not going to list each command to

get these contents due to the fact i'm hoping you actully know some SQL and arn't just reading these and going of skid.

One thing you just understand is that even on the same server your syntax for getting these things to work can be different.

For instance i have found that the syntax for one particular url based injection was id='10 and so on. This was a bit different

due to the fact it goes against the general rule not to interrupt the natural flow by placing the ' before the valid value.

Generally this isn't how it goes but you never know. There always a bit of testing involved by with some effort,logic and

knowledge of how sites are programmed in general you will get it right.

MS SQL SEVER:
Sysobjects
Syscolumns

some useful variables to gather info use them with the select command

@@language
@@microsoftversion
@@servername
@@servicename
@@version

MS ACCESS:
Msysobjects
MsysQueries
MsysRelationship
MsysACEs

Oracle:
SYS.USER_OBJECTS
SYS.TAB
SYS.USER_TABLES
SYS.USER_VIEWS
SYS.ALL_TABLES
SYS.USER_TAB_COLUMNS
SYS.USER_CONSTRAINTS
SYS.USER_TRIGGERS SYS.USER_CATALOG

ليست هناك تعليقات:

إرسال تعليق