Category Archives: What Did I Learn Today

Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection

Prefix While there are lots of security bugs disclosed each week, for us pentesters, some are more special than others. Very recently, a Second Order SQL Injection was reported in Joomla! and a good analysis can be found here: https://blog.ripstech.com/2018/joomla-privilege-escalation-via-sql-injection/ In this blog post Savan Gadhiya and Amish Patadiya will… Read More

One Rule to Rule Them All

Password cracking is a staple part of pentesting and, with a few exceptions, dictionary/rule-based attacks are the predominant method for getting those ever-elusive plain text values. Cracking rigs have afforded pentesters and blackhats alike the ability to throw a few graphics cards at some hashes and achieve phenomenal speeds,… Read More

Ten Cents

Some information about MS-SQL server. You may find this info useful for exploiting SQL injection: Finding Table Names: Do not use: SELECT name FROM sysobjects WHERE xtype='U' Use: SELECT table_name FROM INFORMATION_SCHEMA.TABLES [WHERE table_schema = 'db_name'] [WHERE|AND table_name LIKE 'wild'] The first query will only return the table names which belong… Read More