Recent Posts



WordPress Unauthorized Comment Disclosure

June 1, 2007

By enumerating the name and email address of a comment author, an attacker can read the comment submitted by that author while it is still waiting for an administrator to approve and publish it. This again points to the need for better session management in WordPress. Read the full…

Logon Time Restrictions in a Domain in Windows Server 2003 Allow Username Enumeration

May 27, 2007

Windows Server 2003 can be configured to restrict the hours and days that a user may log on to a Windows Server 2003 domain. This could lead to username enumeration.

Issue:- Microsoft Windows Active Directory Username Enumeration

Criticality:- Less Critical

Impact:- Exposure of system information

Description:- It has been identified…

WordPress admin-ajax.php SQL Injection

May 22, 2007

Apologies for not posting anything on my blog for so long. I saw this WordPress exploit yesterday and it's just awesome work by waraxe. Unlike my xmlrpc.php exploit, this does not even need any privileges and the exploit works fine. To me, it is yet another example of why magic_quote setting…

Ten Cents

April 14, 2007

Some information about MS-SQL server. You may find this info useful for exploiting SQL injection:

Finding Table Names:

Do not use:- Select name from sysobjects where xtype='U'

Use:- SELECT table_name FROM INFORMATION_SCHEMA.TABLES [WHERE table_schema = 'db_name'] [WHERE|AND table_name LIKE 'wild']

The first query will only return the table names which belong…

MySQL default [insecure] installation in Debian

April 12, 2007

I recently updated my MySQL server and I am currently using version 5.0.38-Debian_1-log. If you ever wondered how MySQL saves data on your hard disk, then this is best explained here. I will quote from the same website: “Each database is a directory, with each table stored in a separate…