Logon Time Restrictions in a Domain in Windows Server 2003 Allow Username Enumeration

May 27, 2007

Windows Server 2003 can be configured to restrict the hours and days that a user may log on to a Windows Server 2003 domain. This could lead to username enumeration.

Issue:- Microsoft Windows Active Directory Username Enumeration
Criticality:- Less Critical
Impact:- Exposure of system information
Description:- It has been identified…

WordPress admin-ajax.php SQL Injection

May 22, 2007

Apologies for not posting anything on my blog for so long. I saw this WordPress exploit yesterday and it's just awesome work by waraxe. Unlike my xmlrpc.php exploit, this does not even need any privileges and the exploit works fine. To me, it is yet another example of why magic_quote setting…

Ten Cents

April 14, 2007

Some information about MS-SQL server. You may find this info useful for exploiting SQL injection: Finding Table Names: Do not use:- Select name from sysobjects where xtype='U' Use:- SELECT table_name FROM INFORMATION_SCHEMA.TABLES [WHERE table_schema = 'db_name'] [WHERE|AND table_name LIKE 'wild'] The first query will only return the table names which belong…

MySQL default [insecure] installation in Debian

April 12, 2007

I recently updated my MySQL server and I am currently using the version 5.0.38-Debian_1-log. If you ever wondered how MySQL saves data on your hard disk, then this is best explained here. I will quote from the same website: “Each database is a directory, with each table stored in a separate…

Abusing Trackback utility

April 7, 2007

I was researching a bit into the WordPress trackback utility. This is how it works: You submit a post with trackback URLs, and when you publish the post, WordPress sends out a request to the URL you mentioned in the trackback URLs. Essentially this happens in the background. You—–>…