Can this be exploited in any way?


Post by Shino336 on Sun Jun 28, 2009 12:02 am

I am testing my site for SQL injection holes, and my program returned the result, 302 Moved Temporarily. Can this be exploited in any way to damage the site? If so, how would I protect against it? Thanks in advance. ;)



Re: Can this be exploited in any way?

Post by thedotmaster on Mon Jul 20, 2009 7:44 am

I'd need more information than that, but if you are able to force an error like that by entering certain characters then it's definitely worth looking into.
Does the error message show any sourcecode or script locations? If so, that is a problem.
Could you paste some sourcecode and system configuration (webserver, OS, server-scripting language etc)?
Please don't give a URL, it will be removed.


Re: Can this be exploited in any way?

Post by Shino336 on Wed Jul 22, 2009 4:38 pm

Yes, it does give error messages. So many with that response, I'm just going to post 1 string of them. Here it is. I use the Firefox add-on, SQL Inject Me.

Submitted Form State:

* unnamed field:
* hl[include_form]: on
* hl[remove_scripts]: on
* hl[accept_cookies]: on
* hl[show_images]: on
* hl[show_referer]: on
* hl[rotate13]: on
* hl[base64_encode]: on
* hl[strip_meta]: on
* hl[strip_title]: on
* hl[session_cookies]: on

Results:
Server Status Code: 302 Moved Temporarily
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Moved Temporarily
Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49
Server Status Code: 302 Moved Temporarily
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Moved Temporarily
Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Server Status Code: 302 Moved Temporarily
Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Server Status Code: 302 Moved Temporarily
Tested value: 1' OR '1'='1
Server Status Code: 302 Moved Temporarily
Tested value: 1 AND USER_NAME() = 'dbo'
Server Status Code: 302 Moved Temporarily
Tested value: 1' AND non_existant_table = '1
Server Status Code: 302 Moved Temporarily
Tested value: ' OR username IS NOT NULL OR username = '
Server Status Code: 302 Moved Temporarily
Tested value: '; DESC users; --
Server Status Code: 302 Moved Temporarily
Tested value: 1'1
Server Status Code: 302 Moved Temporarily
Tested value: 1 AND 1=1
Server Status Code: 302 Moved Temporarily
Tested value: 1 EXEC XP_
Server Status Code: 302 Moved Temporarily
Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Moved Temporarily
Tested value: 1'1
Server Status Code: 302 Moved Temporarily
Tested value: 1' OR '1'='1
Server Status Code: 302 Moved Temporarily
Tested value: 1 OR 1=1

The part I'm trying to hack uses PHP. I'm not sure what OS or webserver it runs, but I'll try to find out. Tell me if there is anything more that you need in specific.


Re: Can this be exploited in any way?

Post by thedotmaster on Thu Jul 23, 2009 3:34 am

So you're trying to exploit your own site, yet you don't know what OS and what server is running. Hm.
Stop using stupid tools which don't teach you a thing. Instead learn SQL.
Stop trying to "pwn" sites - It really is pathetic and it won't get you any respect, at least not with people who know what they're doing.


Re: Can this be exploited in any way?

Post by insomaniacal on Thu Jul 23, 2009 8:52 am

It's quite possible that he just bought a hosting plan somewhere, and so has no way of knowing the O/S of the server ;).

Anyway, TheDotMaster is right. Learn SQL, learn why the injections work. That way, you can test "your site" more thoroughly, and these kinds of automated tools become much more useful, since you know how to manipulate the injection to your needs, and not just randomly "warpwn" as I'll call it.


Re: Can this be exploited in any way?

Post by thedotmaster on Thu Jul 23, 2009 12:57 pm

insomaniacal wrote: It's quite possible that he just bought a hosting plan somewhere, and so has no way of knowing the O/S of the server ;).


Oh yeah, good point. Still, if I were to use one of those services then I'd want to know what it was running.


Re: Can this be exploited in any way?

Post by nosidius on Thu Jul 23, 2009 1:22 pm

I'm actually going to agree with the dotmaster on this. An easy fix would be to just use the Firefox add-on "Domain Details", which also tells you what kind of server ^^

just something interesting to help


Re: Can this be exploited in any way?

Post by thedotmaster on Thu Jul 23, 2009 7:10 pm

An Nmap scan will give some OS details too.


Re: Can this be exploited in any way?

Post by Shino336 on Fri Jul 24, 2009 2:14 am

I have learned SQL injections, and if you had checked my profile, or some of my previous posts, you would have noticed that I have written about it and passed the challenges requiring knowledge of it. The program just makes it easier. As for not knowing the OS, I am running the website off my family's domain, so I don't need to work with that stuff. Please don't say those kinds of things off of a hunch. Anyway, none of the previous posts were about my problem, they were all about what you think I am doing. So do any of you know a way that this could be used against me, or is it unexploitable? Please stop questioning me.



Re: Can this be exploited in any way?

Post by thedotmaster on Fri Jul 24, 2009 4:34 am

We have to do that to determine whether you are breaking the law or not.
I would say that it isn't exploitable, but it's hard to say and it depends on how the server is configured.
May I point out though that knowing SQL injections is not enough, they're a very easy concept to grasp. Learning SQL is the best way to become good at identifying vulnerabilities.
These tools, however, do not particularly save time. If you were skilled with SQL injections you would know that the real skill involved is to determine which code is running behind the scenes. Such tools simply brute force their way in, creating a lot of noise and making your attack noticeable.
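
Added example, not part of any post in this thread: a small triage script for scanner output in the "Results:" layout posted above, which checks whether any tested value gets a different status from a benign control. The control value `hello`, the 500 response and both sample strings are constructed for illustration; the thread's results contain no control request.

```python
# Constructed sample: scanner output in the "Results:" layout shown in the
# thread, with one benign control value ("hello") added as an assumption.
THREAD_LIKE = """\
Server Status Code: 302 Moved Temporarily
Tested value: hello
Server Status Code: 302 Moved Temporarily
Tested value: 1' OR '1'='1
Server Status Code: 302 Moved Temporarily
Tested value: 1 AND 1=1
Server Status Code: 302 Moved Temporarily
Tested value: 1'1
"""

# Constructed contrast: the quote-breaking value gets a different status.
DIVERGENT = THREAD_LIKE.replace(
    "302 Moved Temporarily\nTested value: 1'1",
    "500 Internal Server Error\nTested value: 1'1")

def parse_results(text):
    """Return [(status_code, tested_value)] from status/value line pairs."""
    pairs, status = [], None
    for line in text.splitlines():
        key, _, rest = line.partition(": ")
        if key == "Server Status Code":
            status = int(rest.split()[0])
        elif key == "Tested value" and status is not None:
            pairs.append((status, rest))
            status = None
    return pairs

def triage(text, control="hello"):
    """Compare every tested value's status with the benign control's status."""
    pairs = parse_results(text)
    baseline = next((s for s, v in pairs if v == control), None)
    if baseline is None:
        # Without a benign request there is nothing to compare against.
        return {"verdict": "no-baseline", "outliers": []}
    outliers = [(s, v) for s, v in pairs if s != baseline]
    verdict = "needs-review" if outliers else "no-differential-signal"
    return {"verdict": verdict, "baseline": baseline, "outliers": outliers}

if __name__ == "__main__":
    print(triage(THREAD_LIKE))   # every value redirects like the control
    print(triage(DIVERGENT))     # one value behaves differently
```

A uniform status is only the absence of one signal; the redirect target and response body need the same comparison, and on the PHP side the protection asked about in the first post is parameterized queries rather than string-built SQL.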


