Recent Posts

Categories

Archives

Ten Cents

April 14, 2007

Some information about MS-SQL server. You may find this info useful for exploiting SQL injection: Finding Table Names: Donot use:- Select name from sysobjects where xtype=’U’ Use:- SELECT table_name FROM INFORMATION_SCHEMA.TABLES [WHERE table_schema = ‘db_name’] [WHERE|AND table_name LIKE ‘wild’] The first query will only return the table names which belong… Read More

MySql default [insecure] installation in debian

April 12, 2007

i recently updated my MySql server and i am currently using the version.5.0.38-Debian_1-log If you ever wondered how MySql saves data on your hard disk, then this is best explained here. I will quote from the same website “Each database is a directory, with each table stored in a separate… Read More

Abusing Trackback utility

April 7, 2007

I was researching a bit into the wordpress trackback utility. This is how it works: You submit a post with trackback urls, and when you publish the post, the wordpress sends out a request to the URL you mentioned in the trackback URLs. Essentially this happens in the background. You—–>… Read More

WordPress 2.1.2 xmlrpc Security Issues

April 3, 2007

WordPress 2.1.2 xmlrpc Multiple Vulnerabilities: Affected Versions: These issues were reported in version 2.1.2,(current stable version) and its very likely that previous versions may also be vulnerable. 1. Privilidge Escalation: Under normal circumstances (through web interface) a user in contributor role only has access to following functions: a. read b.… Read More

Insecure Php coding

March 20, 2007

While testing a web application today, i noticed an unusual 302 HTTP response. Normally a 302 response just has a header and no html code, becuase its meant to be redirecting you to the page cited in the ‘Location’ field of the http header.� The 302 response had the html… Read More