www.notsosecure.com

From Pentesters To Pentesters

29
Jun

mysql exploitation with error messages

by sid
Research

A colleague of mine(Aleks) forwarded me a russian presentation on exploiting SQL Injection:

http://devteev.blogspot.com/2009/10/advanced-sql-injection-lab-full-pack.html

Of all the slides, i particular liked the one in which the author demonstrates that if the mysql error messages have been enabled (using mysql_error() function), then it is possible to retrieve the data from the back-end database using the ExtractValue() function:
——————————————
>SELECT 1 AND ExtractValue(1, CONCAT(0×5c, (SELECT @@VERSION)))

produces:

Error Code : 1105
XPATH syntax error: ‘\5.1.44-community’

———————-
This should not be confused with the php errors. While the php errors are usually enabled its not “very” common to see developers printing the mysql errors using mysql_error() function. However, its still good to know and could sometimes come handy.

Overall, very nice presentation.

2 Comments
380
25
Jun

Blackhat, Defcon 2010

by sid
Research

This year, i will be talking at Blackhat and Defcon. The talk is titled “Hacking Oracle From Web Apps”. The details about the talk can be found here. I am also releasing a small teaser video of the new bsqlbf version which i will be releasing soon. See you in Vegas!

Link to the video

2 Comments
376
Entries (RSS) and Comments (RSS).