web vulnerabilities question

Discuss the many weaknesses of browser security and ways to mitigate the threat

web vulnerabilities question

Post by waelkd on Mon Jul 06, 2009 9:44 pm
([msg=26363]see web vulnerabilities question[/msg])

if we want to chk a site for flaws ,we use sql injections,but lets say a website doesn't have a username password box,how can we sql inject it??
or do we just use ssi's and xss.
thx

EDIIT:NM www.***********.com/products/products.asp?productid=123 UNION SELECT username, password FROM USERS
waelkd
New User
New User
 
Posts: 10
Joined: Sun May 10, 2009 8:28 am
Blog: View Blog (0)


Re: web vulnerabilities question

Post by insomaniacal on Mon Jul 06, 2009 10:14 pm
([msg=26368]see Re: web vulnerabilities question[/msg])

Anything that searches through an database can be considered "testable". If it looks like it whatever form it is might be scouring some sort of database, you might as well give SQL injection a shot, if not, then look for other vulnerabilities.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Re: web vulnerabilities question

Post by waelkd on Mon Jul 06, 2009 11:02 pm
([msg=26370]see Re: web vulnerabilities question[/msg])

all sql command we use are query based,anyone knows a browser/url sql injection commands,or websites that supple browser commands.
thx

-- Tue Jul 07, 2009 12:20 am --

You don't have permission to access /models/ on this server.

its an apache server ,is their anywway to enable myself to access the folder
waelkd
New User
New User
 
Posts: 10
Joined: Sun May 10, 2009 8:28 am
Blog: View Blog (0)


Re: web vulnerabilities question

Post by godofcereal on Tue Jul 07, 2009 2:30 am
([msg=26376]see Re: web vulnerabilities question[/msg])

You could try the .htaccess trick but rarely works.
Im off, last year of school and all, I had something longer but char limit fucked that up. So yeah, had a good run here. Thanks for the memories. Thanks to the staff and users.

Best regards, your posting whore,
godofcereal

p.s. Defience, you the man ;)
User avatar
godofcereal
Addict
Addict
 
Posts: 1068
Joined: Wed Aug 20, 2008 6:11 pm
Location: ireland
Blog: View Blog (0)


Re: web vulnerabilities question

Post by waelkd on Tue Jul 07, 2009 6:20 am
([msg=26383]see Re: web vulnerabilities question[/msg])

already did m8,i tried everything from xss,to ssi,sql inj .htac,u name it .
seems like crac king a web site isnt easy as it seems.

those guys who really break into other sites,r really geniuses
waelkd
New User
New User
 
Posts: 10
Joined: Sun May 10, 2009 8:28 am
Blog: View Blog (0)


Re: web vulnerabilities question

Post by Schiz0id on Tue Jul 07, 2009 9:03 am
([msg=26386]see Re: web vulnerabilities question[/msg])

waelkd wrote:already did m8,i tried everything from xss,to ssi,sql inj .htac,u name it .
seems like crac king a web site isnt easy as it seems.

those guys who really break into other sites,r really geniuses


I'm sure there are many you didn't try. What about CRLF, Poison Null, LDAP Injection, File Inclusion ect. There are many types of exploits, and every site is vulnerable to something.
Schiz0id
New User
New User
 
Posts: 31
Joined: Tue Jun 30, 2009 6:16 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests

cron