Recent Posts

Categories

Archives

wordpress admin-ajax.php Sql Injection

May 22, 2007

Apologies for not posting anything on my blog for so long. I saw this wordpress exploit yesterday and its just awesome work by waraxe. Unlike my xmlrpc.php exploit this doesnot even need any privilidges and the exploit works fine. To me, it is yet another example of why magic_quote setting… Read More

Ten Cents

April 14, 2007

Some information about MS-SQL server. You may find this info useful for exploiting SQL injection: Finding Table Names: Donot use:- Select name from sysobjects where xtype=’U’ Use:- SELECT table_name FROM INFORMATION_SCHEMA.TABLES [WHERE table_schema = ‘db_name’] [WHERE|AND table_name LIKE ‘wild’] The first query will only return the table names which belong… Read More

MySql default [insecure] installation in debian

April 12, 2007

i recently updated my MySql server and i am currently using the version.5.0.38-Debian_1-log If you ever wondered how MySql saves data on your hard disk, then this is best explained here. I will quote from the same website “Each database is a directory, with each table stored in a separate… Read More

Abusing Trackback utility

April 7, 2007

I was researching a bit into the wordpress trackback utility. This is how it works: You submit a post with trackback urls, and when you publish the post, the wordpress sends out a request to the URL you mentioned in the trackback URLs. Essentially this happens in the background. You—–>… Read More

WordPress 2.1.2 xmlrpc Security Issues

April 3, 2007

WordPress 2.1.2 xmlrpc Multiple Vulnerabilities: Affected Versions: These issues were reported in version 2.1.2,(current stable version) and its very likely that previous versions may also be vulnerable. 1. Privilidge Escalation: Under normal circumstances (through web interface) a user in contributor role only has access to following functions: a. read b.… Read More